Demisto : How to display List of Messages

Hi Team, I am using create_incident API to create incidents. Below is the sample code. I can create an incident when I use "messages" as String.  Basically, this is custom_fields and its data vary from incident to incident.  Some incidents may have 

'Kernel Privilege Escalation' generated by XDR Agent detected on host xyz involving user xyz

Hi All

We are receiving large number of alerts in our cortex xdr console, The alert is as below, (hostname and user name I have kept as XYZ for privacy)

'Kernel Privilege Escalation' generated by XDR Agent detected on host XYZ involving user XYZ"

In

.zip files Cortex XDR PRO

Hi community,

Can cortex detect and analyze .zip files with password and delivered via email?

Mitre ATT&CK techniques missing

After reading https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2020.html#ide2559432-5eb3-4f83-8e85-c4159aeed9ed → "MITRE Tags Enhancements", I retroactively ad

Send Mitre ATT&CK information via Syslog

Hello Friends,

Does anyone knows how can we send the Mitre ATT&CK information/reference from Cortex XDR Alerts via Syslog?

The default configuration does not have this reference.

Web filtering in Cortex?

Hello,

We have just recently implemented Cortex XDR for endpoint protection and have a question about web filtering.  Are there profiles/polices in Cortex XDR that can enable any web filtering features or is web filtering strictly a firewall feature?

Client groups in Cortex XDR

Hello,

We are an existing Palo customer and we are moving to Cortex XDR for our Antivirus solution. In our current AV application we have groups for different clients based on exceptions or application for various reasons. It is very easy to create i

Unable to upgrade Traps from 5.0.x to XDR 7.2

Hi Community,

I am unable to upgrade the Traps agent from v5.0.x to 7.2 using the rule from XDR console. I have upgraded from 6.0. Not sure whether my antivirus is blocking it.

I can see the version is showing as upgraded in the console for a while th

Cortex XDR agent Consuming full resource while scanning

Hi All,

Cortex XDR agent consuming my full resource while scanning. Did anyone face this kind of issue?

I am using another endpoint(Symantec) in the same workstation. Planing to whitelist the cortex XDR folder from Symantec. Please share which are th

Conflicts with Third Party Encryption Application

It appears that Cortex XDR does not play well with the existing encryption product we use.  There is no indication of any issues whatsoever, but when you attempt to decrypt the drive the application is not successful at decrypting all of the files. 

Grok Filter for Syslog entries

Does anyone have a Grok filter compatible with Cortex XDR syslog entries?

I'm piping Cortex XDR syslog into logstash and then through to Elasticsearch for parsing & alerting, but there seems to be two nested log formats. One pipe-separate and then in