Cortex XDR Alerts not found after resolving

We have resolved some alerts in Cortex XDR  by adding the initiator path to allow list of specific policy but those alerts are not visible in the Cortex XDR alerts console anymore and neither in the management logs.

Cortex XDR @Cortex-support 

Cortex XDR

Hi people,

1) I have installed the cortex XDR on end user PC and when I tried to scan email attachment on the end user PC I am not able to see any option to scan email attachment. I am a system Admin and I want the end user to scan email attachment w

Integrate Cortex XDR with the SIEM (Microsoft Azure) solution

 Integration of Cortex XDR with the SIEM (Microsoft Azure) solution 
Had a few queries regarding it:- 
1. Supported integration methods & recommended integration methods for integration with Microsoft Sentinel.
2. What all logs can be forwarded (eg: Ale

Help! Upgraded to 7.8.1.11343 now all clients can’t run certain applications

We upgraded our clients from version 7.7.X to 7.8 and things like Visual Studio and Gitkraken and homegrown apps fail to run. No logs and really no errors other than just crashes or freezes. I pause XDR Agent and it runs fine. Anyone else experience

XDR agent install rolls back

Hi all,

 Has anyone ever had it where an agent will lose connectivity with the management console and will not reinstall afterwards? 

 I have an endpoint that lost connectivity with the console. Would not check back in. I removed it via the Control P

Adding Endpoint to Dynamic Group by "Installation Package" Name

Hi there,

Recently I have received a request from client that they would like group endpoint automatically by the installation package, just like their previous deployment of their existing endpoint agents. Since it is much less admin overhead and

Outdated content update

Hello , 

What could be the possible reasons for outdated content version despite the agents running in the latest agent version .

Regarding running of command

Looping in queries , Hi , I want to able to query if a particular command was executed after another one . For example if sudo was executed and then another command . How do i query that ?

External Alerts Mapping, Alerts are always assembled to one Incident

Hello,

I have a little issue and I don´t know how to solve it.

Hopefully someone knows a hidden or 'unofficial' feature of XDR regarding this.

Briefly explained the structual background:
I am logging from diffrent Forti Firewalls into the XDR, thi

May this cmd for password query could find into a content update?

https://twitter.com/VirtualAllocEx/status/1599048829084794880?s=20&t=V1OyrvuCbhYez-wkSXNk1A

Or ist there a rule ready for this?

BR

Rob

XQL Query DNS resolutions

I'm attempting to pull out the name, type, and value from the dns_resolutions data

The below query results in "FAILED TO RUN QUERY" with no data, removing the alters does return data however no fields available return "value" in the dns_resolutions