Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Missing function Virus Total check

Hello dear community,

since today we are missing the point of departure virustotal in the APP GUI.

It is not possible to launch this function in the incident anymore. Except via Quick Launcher. Is this a bug or a feature?

BR

Rob

SD Card Blocking on MAC OS

Team, Please let me know whether we have an option to block in-built SD Card Readers in MAC Machines.

Thanks!

Getting tags from EC2 instance.

Hello,

We have multiple tags assigned to hosts as part of EC2 instances. Is there a way we can reflect those tags in the XDR console.

Thanks !

Populate data from the host

Hello, Is there a way to get data that is there on the host and then populate it on the XDR . eg. get tags available on the host and then automatically populate it in the XDR console?

Resolved! Cortex XDR Tags with logo

Dear All,

I configured some tags while the installation of the the agent on the workstations, they have the logo attached.

But I need now to change some tags or remove them using Cortex XDR management console.

I tried Manage Endpoint Tags (paloalt

...

Resolved! Checking Content update version in endpoint(Cytool)

Hi All,

Can anyone let me know how to check the content update version at the endpoint level?

It is not visible in the agent console.

Can I make use of Cytool? If yes, what is the command to check?

Thanks!

Cortex XDR

Populate data from the host

Hello, Is there a way to get data that is there on the host and then populate it on the XDR . eg. get tags available on the host and then automatically populate it in the XDR console?

Resolved! Cortex xdr : create custom widget

Dear all,

I want to create a widget which contains the incidents by severity but I need to add a filter by tags.

Can I have an example of the XQL query.

Best regards,

Resolved! Connector from XDR and AWS portal

Hello,

Is there a way to create a connector between cortex console and AWS portal that can fetch EC2 information as soon as the agent comes online and then populate the data received by this connector into the XDR.

Thanks !

Resolved! Does the Cortex XDR Agent work in Windows Safe Mode?

Hello dear Community,

Does the Cortex XDR Agent work in Windows Safe Mode?

https://attack.mitre.org/techniques/T1562/009/

BR

Rob

Cortex XDR Auto update mechanism

Does anyone know the Cortex XDR Auto update mechanism?
I recently found that some agents failed to update automatically. The failed content included content update and agent update. The console log did not give the reason for the failure. What are the

...

Behavioral Threat alerts for sdiagnhost.exe spawning cronhost.exe - false positive?

Hi community,

Wondering if anyone else is seeing BT alerts for sdiagnhost.exe appearing over the last 24 hours? We have had similar things occur in the past due to over excited signature updates cause false positives.

This process is one that MSDT

...

Incident question - svchost without signature?

Hello dear community,

you know how to handle this svchost.exe without signature? In my opinion it is FP, but why?

Isn't it possible for the cortex agent to read the signature from svchost.exe in this case?

I tweaked the alert and gave it m

...

Global Rule a4978720-39fc-404f-bb74-c3db07ef4f9d - ISO mounted manually questions

Hello dear community,

in my mount tests I could find out following:

- if you mount the same file name 2 times with different file data inside the iso, the alert isn't created because the file isn't beeing created. I think the recent folder is no

...

What was uploaded to google storage?

Hello dear community,

how can I find out with Cortex XDR PRO (non per TB, non connected Firewall, etc.), which data was uploaded in this example? Has anyone an idea or script to do so?

BR

Rob

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Resolved! Missing function Virus Total check

SD Card Blocking on MAC OS

Getting tags from EC2 instance.

Populate data from the host

Resolved! Cortex XDR Tags with logo

Resolved! Checking Content update version in endpoint(Cytool)

Populate data from the host

Resolved! Cortex xdr : create custom widget

Resolved! Connector from XDR and AWS portal

Resolved! Does the Cortex XDR Agent work in Windows Safe Mode?

Cortex XDR Auto update mechanism

Behavioral Threat alerts for sdiagnhost.exe spawning cronhost.exe - false positive?

Incident question - svchost without signature?

Global Rule a4978720-39fc-404f-bb74-c3db07ef4f9d - ISO mounted manually questions

What was uploaded to google storage?

Force XDR Agent

I want to block commands and special operations that require administrator privileges on Windows.

Can Cortex XDR fully substitute for Microsoft Defender Attack Surface Reduction (ASR) rules?

Evasion Technique - 1244315488

Other Network Source Checkpoint,Fortinet Cortex can auto stich

Re: Force XDR Agent

Force XDR Agent

Re: I want to block commands and special operations that require administrator privileges on Windows.

Re: I want to block commands and special operations that require administrator privileges on Windows.

Re: Rare Login Query Not Working

Unlock your full community experience!

Rules and Best Practices

Resolved! Missing function Virus Total check

Resolved! Cortex XDR Tags with logo

Resolved! Checking Content update version in endpoint(Cytool)

Resolved! Cortex xdr : create custom widget

Resolved! Connector from XDR and AWS portal

Resolved! Does the Cortex XDR Agent work in Windows Safe Mode?