Unable to upgrade Traps from 5.0.x to XDR 7.2

Hi Community,

I am unable to upgrade the Traps agent from v5.0.x to 7.2 using the rule from XDR console. I have upgraded from 6.0. Not sure whether my antivirus is blocking it.

I can see the version is showing as upgraded in the console for a while th

Cortex XDR agent Consuming full resource while scanning

Hi All,

Cortex XDR agent consuming my full resource while scanning. Did anyone face this kind of issue?

I am using another endpoint(Symantec) in the same workstation. Planing to whitelist the cortex XDR folder from Symantec. Please share which are th

Conflicts with Third Party Encryption Application

It appears that Cortex XDR does not play well with the existing encryption product we use.  There is no indication of any issues whatsoever, but when you attempt to decrypt the drive the application is not successful at decrypting all of the files. 

Grok Filter for Syslog entries

Does anyone have a Grok filter compatible with Cortex XDR syslog entries?

I'm piping Cortex XDR syslog into logstash and then through to Elasticsearch for parsing & alerting, but there seems to be two nested log formats. One pipe-separate and then in

Cortex XDR Prevent Did Not Detect ncat

Hello I am new to Cortex XDR. I tried ncat on a PC with Cortex XDR Prevent (with Windows Defender) and it did not detect or stop the connection from Kali a PC. Windows Defender showed a warning and once I allowed it I was able to connect on ncat from

Cortex XDR folder exclusion

Hello,

does anyone know if it is possible to exclude an entire folder on a Windows machine from Cortex XDR scan in order to launch executable files without being blocked and having to add the file hash to the whitelist ?

prevent exe application to install in a system via cortex xdr agent

Hi,

Can we prevent any .exe for e.g. anydesk application for installation in a system if the cortex XDR agent is installed, if it does how to configure it? 

Cortex XDR Alerts - Slack Integration

Is there any way to include the hostname for alerts received in Slack? They are very valuable to receive on the phone late at night, but would be even better if we had a bit more information: hostname, domain, something that indicates this is a test

Exceptions "Child process"

Hello!!

How are you?  i need confirm an action when add exception for child process, i have several alerts for "WmiPrvSe.exe Rare Child Process" that are false positive, and im considering add to whitelist in the profile associated.

For create it i

CISCO ASA Firewall connection to Cortex XDR

Hi, 

We have an environment where by we have CISCO ASA Firewalls, our Client Base would communicate with a Proxy Server and then this would pass the details onto the Firewall and the ASA Firewalls would then communicate with Cortex XDR. 

As Cortex XDR