Recent Change - creation of Threat ID #8002 Alerts in Cortex

Hello all, 
Beginning on or around 14/15 December, I began to notice we were commonly generating the following Alerts in Cortex:

Alert name: Threat ID #8002

Description: Scan Detection

Alert Source: PAN NGFW

Category: Scan Detected via Zone Protection Pro

The Cortex XDR version upgrade on my computer is not progressing from "In progress".

The Cortex XDR version upgrade on my computer is not progressing from "In progress".

When grouping and upgrading some agent has stuck on "In Progress" situation, we cannot even cancel and stop it.

Even rebooting the computer and then upgrading again do

Cortex XDR Threat Hunting Community

Hi All,

Is there there threat hunting community for Cortex XDR?

Cheers

Cortex XDR Alert Dump File Analysis

Is there a way we can analysis the dump file when a behavior based alert is generated for an incident? We would like to analysis the process dump file with volatility for windows 10 machines.

Thanks for the help in advance.

How to check receive log from fortigateVM64 on VM broker syslog collector

How to check receive log from fortigate VM64 on VM broker syslog collector?
I setup log fortigate VM64 pattern as by Cortex xdr manual but no log from FortiGate send to Cortex Data Lake.

App-ID for endpoint-based BIOC rules

Currently, BIOC rules can be created for "NETWORK" (endpoint-based) or "NETWORK CONNECTIONS" (NGFW-based) but only the latter supports the usage of App-ID and VPN infrastructure isn't always in place or available.

Are there any plans to add this?

Feature Request – Add ability to capture memory dump

During a recent investigation our team came across a situation where we needed to take a forensic image of a device on our network. Prior to taking the image, we had hoped to utilize Live Terminal in order to remotely capture a memory dump to get a h

GoToMeeting Whitelist

Does anyone know how to whitelist the GoToMeeting download?

It is an EXE but the client agent blocks it.  When I attempt to whitelist it, EVERY SINGLE download is a different hash value making it impossible to whitelist.

Thanks for any suggestions.

FIltering for Content Version

Palo recently issued a security bulletin where we are protected if we have Content Update 150.  I was trying to add a filter for "< 150-39463" to only see those endpoints that might not have checked in for a bit.  The 7.1 documentation does not show

Work with an email attachment

Hello community,

I'm facing some problems in order to work with the attachment of potential phishing cases. The phishing button that we have configured sends the original email as an attachment without format. Which is making XSOAR read it like that:

Bitlocker recovery keys not present

Hello,

I wanted to check if someone can shed some light on this issue I had.

During a Cortex XDR PoC, the end user activated the Disk encryption policy on a couple of workstations without confirming the pre-requisities so these workstations encrypted