As of at least 2020/07/10, I've only ever seen Cortex XDR capture PowerShell commands were included as parameters of a command-line process - never in-shell commands (opening PowerShell then manually executing the commands).
Enabling PowerShell modul
...
The file event search is supposed to support reads but I've never seen it work.
Is this a known problem?
Examples:
Is it possible to view the forensic timeline for an endpoint in general, not only for information that the system thinks is relevant to a specific incident?
If not, can this be added?
Has anyone upgraded to the 7.2.0 agent yet that has experienced performance issues? Like most persons our environment is constantly changing, but at the suggestion of someone at Palo Alto I upgraded my system to the 7.2.0 release last Thursday for a
...
Hi, I'm trying to build XQL queries that target internal vs external IP ranges.
This is easy in the normal query builder with 10.0.0.0/8|172.16.0.0/12|192.168.0.0/16 but I'm not able to re-create this in XQL.
dataset = xdr_data
| filter event_type =...
