Blocking VPN Extensions in Browsers (Chrome, Firefox, Brave) Using Cortex XDR Agent

Hi Community,

I have a query: How do I block VPN extensions in browsers (Chrome, Firefox, Brave) using the Cortex XDR agent? If it's possible, could you please explain how to do this?

new feature in the Cortex XDR agent 8.3, Agent Certificates

hi

i have cortex xdr on several endpoints, can you explain me more about the new feature Agent Certificates and its implication and how to work? i want to set enabled this function because is disabled for old tenants

Xql query for filtering os version like microsoft windows 10 pro and microsoft windows 10 enterprise.

Hi , Family 


I want to filter Microsoft Windows 10 Pro and Microsoft Windows 10 Enterprise from all my endpoints. In All endpoints section, it's currently showing only Windows 10 as the Operating System. I need a query that differentiates between Pro

Pulling an inventory of Chrome Browser Extensions

Hi,

I am looking to gather a list of all installed chrome extensions in our environment. I created a simple query to pull any .crx files out of the Chrome extensions file path but the results seem not quite accurate. Was wondering if anyone had a q

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case?  

Cortex XDR 

Cortex XDR Host Firewall - Use it public WAN?

Hello dear community, 

are you using the above mentioned module on windows notebooks with public routable ip addresses? 

Is this firewall module recommended for such public facing scenario?

BR

Rob

Running an XQL Scheduled Report Email If a Result is Found

Hello, 

I have a working XQL query that deals with Host Connectivity. Can I configure this to run as a scheduled report and only if there are results the report can be sent by email? 

I do not want to receive empty reports. Can this be done in XQL or

Data Ingest per Source for Palo Alto Firewalls in Cortex XDR

I do not think this is in the correct Board, but I could not find a Cortex XDR channel.. First time posting so I am sure I missed it. 

I have Cortex XDR and we are trying to see what firewall is sending the largest amount of data by GB Ingest. We a

How can I see the device control violations logs from XQL?

Good afternoon,

Is there a way to see the logs that are generated in Device control Violations?

I know that using preset = device_control in XQL we can see devices but this preset does not give me all the data that appears in the Violations section..

Kernel Module is Disabled - Status STOPPED - help installing

I followed the instructions on the website,and there was a problem

XDR agent was successfully installed on CentOS, but it is visible on endpoints all endpoints

XDR agent was successfully installed on CentOS, but I saw it on endpoints all endpoints. I checked the installation logs to ensure that it was installed successfully.

The XDR agent communicates through the broker VM, and their communication is also

Cortex XDR DNS Collectors

Hi community,

I have a query regarding Cortex XDR collectors. When installing collectors on the local DOM servers, what types of logs does the Cortex XDR console retrieve? How can these logs help with the investigation of incidents?

Move Cortex XDR agent from one tenant to another (and back)

When we move an agent to a new management server, what would happen to the logs and telemetries we have on the old tenant? Would they be retained as per the usual policy or would they just get purged?

Also if we then move it back to the old tenant,