Resolved! Exporting alert related data

Hi All,

Is there a way to export all the alert data which appears below Causality chain like network connections, registry changes, etc ?

I don't see any download or export icon on the right-hand side of the pane. 

Do we have any other way to e

Resolved! Tamper protection question

Hello dear live Community! 

I found a very interesting link on Twitter and would like to know if there is any detection and/or prevention for this technique?

https://synzack.github.io/Blinding-EDR-On-Windows/

BR 

Rob

Resolved! Automatically adding the endpoints to groups or tags

Hello , 

Is there a way where we can automatically assign an endpoint when its added to XDR based on its name into a specific group or tag 

Thanks.

Resolved! Duplicate endpoint entries observed

Hi All,

We have started noticing duplicate endpoint entries in the "All Endpoints" section.

After checking all the fields we found that there are different endpoint_ids for the same endpoint name.

What could be the reason behind the creation of thes

Resolved! Cortex XDR - Clients can't reconnect to Tenant after long time offline

We have several Client PCs, Laptops as spare and Client PCs / Laptops on construction sites without internet access  that have Cortex XDR installed.

They can only get online in uneven intervals, sometimes several months so they get removed from the te

Resolved! Cortex Agent and PostgreSQL Server

Has anyone installed a Cortex Agent on a high performance database server such as PostgreSQL?  We are reaching the point in our rollout where we will need to decide if this is something that we can do without negatively impacting the performance of o

Resolved! Serial Number of endpoints

Hi All,

Does the Cortex XDR agent fetches endpoint serial number ?
If yes, where I can find it in the XDR console(Under which field).

Thanks in advance !!

Resolved! Alerts retention duration in Cortex XDR

Hi !

Does anyone know how long alerts/incidents will be visible in Cortex XDR ?

In our tenant we have alerts older than 1 year and I was wondering if they disappear after some time or if they will be accessible forever but I can't find this informati

Resolved! Create report that shows new incidents based on a specific Incident Source

Hey!

We have different teams looking at different incident sources.

Is there a way to report a widget or report that displays new incidents coming in for a specific Incident Source?

Example:

Only XDR Analytic BIOC alerts would show up in this f