Analytic Bioc Rules

Is there a way to see the actual detection of the analytic bioc rules

Normal bioc rules i can open in investigator but these i cannot

Backup software performance

One of our VMs seems to have its performance really impacted when backups run on a file server.  I do not readily see guidance for suggestions on how I might adjust Cortex XDR Prevent's settings to improve things since there is a fair amount of data

cortex xdr - submit false positive - shuttools 1.81

Palo Alto I am having a problem with your program mis classifing my tool suite

Shut.Tools.1.81.docm

as a false positive.  Its a vba macro that has previously been clearing my Microsoft and utilises some MVP code.  I depend on this to undertake my tasks

admin password for brokeVM

HI 

For the brokerVM, what is de admin password when you want to run sudo command? 

I'm currently running broker 10.1.9

Thanks!

Quarntine Malicious file detected by scan

Hi all,

When I initiate a scan to a machine a the action of malicious file is Detected (Scanned) but it is not getting quarantine although we enabled the quarantine malicious files in Behavioral Threat Protection.
Anyone know the reason ?

Thank you,

Endpoint shown as 'Connection Lost' - cannot reach

I have a user (my boss) who is one of several endpoints with a status of 'Connection Lost'. I'm not actually able to ping him from the DNS server when he is plugged in to the network at work; the XDR portal reports two IP addresses which are probably

Export data from Host Insight

I have not found a way to export data from the host insight addon, is this possible?

For example, the user list in host insight, Export to csv tsv

Windows Defender Firewall blocking applications

Hello all,

We are moving from Symantec Endpoint Protection (SEP) to Cortex XDR. If you are not familiar with SEP, it has its own firewall built in. When active, Windows Defender only manages a few aspects of the firewall. Since moving to having Cortex

Integrating multiple Cortex XDR with QRadar

Hi,

Thought I would give livecommunity a shot on this. We have been looking into integrating several Cortex XDR instances into a single QRadar instance but have come across an issue where it does not seem to let us change the syslog identifier name o

Device Control

Can Cortex XDR prevent the use of other USB devices other than Disk Drives, CD-Rom Drives, and Floppy Disk Drives? If one of my users plugs in a printer, can that be denied? Can the same be done with SD cards?

XDR Network location configuration & VPN

Hello!

On all our endpoints we are using XDR with firewall(Uses built in Windows firewall) and Palo Alto GlobalProtect VPN connecting to PanOS devices at our office. We use split tunneling for the VPN, that means that only specified traffic goes thro

XDR policy targeting using AD

Hi there,

When we are trying to target a policy using AD group some of the listed endpoints is not a member of selected group.

To get more clarity we selected a group which only contains users and even then the result listing some random endpoints.

Is

Cortex XDR with Carbon Black

Hi All,

  I know it is a stupid question but I am encountering this situation that we need to install Cortex XDR working with Carbon Black (it's a long story). May I know if anyone experienced this before or any suggestions on exclusion? Thank you so