DTRH: Finding New XQL Fields and Joining Data

DTRH: Finding New XQL Fields and Joining Data

I was trying to look at some user login information through XQL and I started poking around the different fields that were being returned. I began one of the user login sample queries available in the q

Host Firewall API

Has anyone had any luck adding IPs to the XDR host firewall via API?

It seems like this would be a great function to have. (Looking at you Palo Alto DEVs)

I've also looked at:

Adding IPs to an IOC - but IOCs cannot be added to custom blocking rules

How to allow hash for specific endpoint on allow list

There is an option in the hash to define an action-allow list, but it allows the hash for all the endpoints. We need to allow hash for specific endpoints, but we don't want to create a policy and profile for each and every time. Is there a way to all

Why none of the CVEs on Cortex XDR are from years prior to 2017?

All the CVEs that appear on the platform Cortex XDR date back to 2017, when I see the vulnerability assessment section, none of the CVEs are from years prior to 2017. Could you give me an answer as to why this is so?

Does Cortex XDR BIOC analytics alerts get blocked after setting Global Behavioral Threat Protection to block

Hello team,

Does Cortex XDR BIOC analytics alerts get blocked after setting Global Behavioral Threat Protection to block ? or how Cortex XDR decide to block/detect the behavioral threat alert?

Cortex XDR 

Queries about different operating system and the hours of attention to incidents

Hello everyone,

I am trying to create some XQL queries to create some dashboards but without success. I wanted to know if you could help me, the questions would be the following:

1. that the different operating systems are shown, but that it shows

Assistance Needed: Blocking URLs (Google Docs & Gmail, TeamViewer and others)

Dear Support Team,

I am writing to request assistance with configuring a policy within in my version of Cortex XDR Pro.

As part of the migration process, I need to restrict access to Google Docs and Gmail, TeamViewer and others to ensure the blocking

Cortex XDR Scanning on Exchange and Sharepoint Servers

Hello,

We are looking to add the XDR agent to our on-prem Exchange and Sharepoint servers, and I had two questions about the scanning capabilities of the agent on these servers. 

1. Does XDR scan emails and attachments that reside on Exchange servers?

Query to Monitor Computer Uptime

Hello,

I intend to formulate a new query to retrieve the computer's uptime, and if the system has been active for more than 30 days, generate an alert. Although I attempted the following XQL Search, the outcome yielded no results:

Cortex XDR agent and EICAR malware test file

Hi team,

It feels like I'm missing something and so would appreciate of someone could explain to me why the XDR agent on Windows (latest 8.2.1 with block policy) is not reacting to EICAR malware test file (X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-

CDL or Strata Logging Service: Tenancy is getting expired in two days, how to renew the tenancy

I have access to an instance of "Strata Logging Service".

My tenancy to Strat Logging service is ending by: Jan 25th.

Need help in renewing the tenancy .

Thanks,

Debabani

Firefox Extensions

Hello guys, this is my first post, I'm glad I can be part of this community, I tried to make a query to see what extensions are installed in Firefox. I hope it is ok and useful and if you have something to add to improve it, I would be very happy.