Feature Request – Add ability to capture memory dump

During a recent investigation our team came across a situation where we needed to take a forensic image of a device on our network. Prior to taking the image, we had hoped to utilize Live Terminal in order to remotely capture a memory dump to get a h

GoToMeeting Whitelist

Does anyone know how to whitelist the GoToMeeting download?

It is an EXE but the client agent blocks it.  When I attempt to whitelist it, EVERY SINGLE download is a different hash value making it impossible to whitelist.

Thanks for any suggestions.

FIltering for Content Version

Palo recently issued a security bulletin where we are protected if we have Content Update 150.  I was trying to add a filter for "< 150-39463" to only see those endpoints that might not have checked in for a bit.  The 7.1 documentation does not show

Work with an email attachment

Hello community,

I'm facing some problems in order to work with the attachment of potential phishing cases. The phishing button that we have configured sends the original email as an attachment without format. Which is making XSOAR read it like that:

Bitlocker recovery keys not present

Hello,

I wanted to check if someone can shed some light on this issue I had.

During a Cortex XDR PoC, the end user activated the Disk encryption policy on a couple of workstations without confirming the pre-requisities so these workstations encrypted

Can paloalto network Cortex XDR endpoint protection replace antivirus?

Authentication BIOC rule

Currently, I can create one-off or scheduled queries for authentication data / events but not BIOC rules which isn't ideal because scheduled queries don't create incidents.

Is it on the roadmap to add this ability?

Thanks.

Timeframes for BIOC rules

It'd be very useful for things like failed logons or network connection attempts if BIOC rules could utilise timeframes.

Is this on the roadmap?

It could work well if this was done in a similar way to NGFW → OBJECTS → Custom Objects → Vulnerability →

Demisto : How to display List of Messages

Hi Team, I am using create_incident API to create incidents. Below is the sample code. I can create an incident when I use "messages" as String.  Basically, this is custom_fields and its data vary from incident to incident.  Some incidents may have 

'Kernel Privilege Escalation' generated by XDR Agent detected on host xyz involving user xyz

Hi All

We are receiving large number of alerts in our cortex xdr console, The alert is as below, (hostname and user name I have kept as XYZ for privacy)

'Kernel Privilege Escalation' generated by XDR Agent detected on host XYZ involving user XYZ"

In

.zip files Cortex XDR PRO

Hi community,

Can cortex detect and analyze .zip files with password and delivered via email?

Mitre ATT&CK techniques missing

After reading https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2020.html#ide2559432-5eb3-4f83-8e85-c4159aeed9ed → "MITRE Tags Enhancements", I retroactively ad

Send Mitre ATT&CK information via Syslog

Hello Friends,

Does anyone knows how can we send the Mitre ATT&CK information/reference from Cortex XDR Alerts via Syslog?

The default configuration does not have this reference.