Change alert (not incident) severity for future same alerts

The severity of "Administrative Hash Exception" alerts (not incidents) is low, and since they are not created as incidents, I want to change the severity of these alerts to medium so that they are created as incidents next time.

When I go to Incident

RedHat 8/9 XDR client count limited

As I have added clients to my XDR Linux group I have seen a situation where I hit a limit on client count (under 20 BTW). After I have them all added there will be 2 or 3 missing. If I restart the process on a missing client, that one immediately app

XDR Analytics Data source

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Analytics-Alert-Reference-by-data-source/BitLocker-key-retrieval https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Analytics-Alert-Reference-by-data-source/Exchange-mailb

Cortex XDR-Agent failed to generate support File - Error 13 - Error 109

Greetings,

when trying to create a Support File via Agent-GUI or CMD on a Windows Client, the Operation either crashes the Agent-Service (GUI) or Outputs the Error shown in attached Screenshot.

- Disk-Space on Client is >100GB

- Connection to Cor

File upload to open Cloud Applications

HI Team,

I'm running a test case in uploading test documents to open source Cloud applications.

I was successful, but in xdr_data and Zscaler dataset; the file uploads and file names are being shown as blank or none.

Please let me know

1. if this

Alert generation / Test cases/samples for Cortex XDR protection module testing

Hello Team, 

Could anyone assist with generating alerts and creating test cases or samples for testing the Cortex XDR protection module?

We successfully generated an alert using a WildFire PE file, but we now need to generate alerts for each policy

Unpatched Vulnerabilities Protection

Hi,

I see this written in Unpartched vulnerability protection module section "Modify system settings temporarily as a workaround to protect unpatched endpoints from known vulnerabilities".

I have searched but found no details regarding this, can anyo

Any way to scan for specific Registry DWORD entries with a value of 1 under a targeted Hive?

Im trying to figure out how to write a script to search for the DWORD values of "State" and "RefCount" that = 1 in the sub folders (profiles) in the hive: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList Then show the hostn

XDR Multi tenant MSSP Add on Modules

Does anybody have any details on how add on licenses (eg, Forensics,Host insights, ITDR etc) work within a Multi tenant XDR environment? Does the add on license automatically apply to all child tenants or does it have to be assigned? Does everything

User Added to Local Administrators Group XQL Query

Hi Family , 
I want to create a Cortex XDR query that generates an alert when a user creates a local account and adds it to the administrators group.


dataset = xdr_data
|filter event_type = ENUM.EVENT_LOG and action_evtlog_event_id in (4732, 4728)

here

Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

TLDR; Cortex dashboard shows EOL agents on Windows machines but upgrades fail, uninstalls fail, and Cortex is not showing as an installed program. However, Cytool can be disabled/enabled.

-----

We have a few machines with outdated agents. Using the C

SLS is required for Ingesting NGFW logs?

Hello all,

I have Pro per GB in my Cortex XDR and wish to gain more visablity in Network.
Is it compulsory to have Strata Logging Service license in order to make this works?
does Strata Logging Service license comes with my Firewall subscription or do