Cortex XDR Discussions

XQL removes endpoint CVEs and ALL information

I want to remove all information related to the endpoint "ABC". However, with the following xql query, it only removes cves that are exclusively associated with this endpoint. If a cves is associated with multiple endpoints, the affected_products, af

Cortex xdr agent certificate

Hi all,

I have some doubts regarding the Cortex XDR agent certificate. I have gone through multiple blogs, which provided some insights, but I am still unable to see the complete picture. Below are the key facts I have gathered so far:

1. New Certifica

Appcrash Windows event log entry for "cyinjct.dll"

Hello,

I'm wondering if anyone ever had this problem. Appcrash event is occurring for "cyinjct.dll":

Host: Windows Server 2019

Cortex Agent version: 8.7.0.7735

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provi

Email confirmation:

Hello Everyone,

When we request the Palo Alto team to review or change the category of an executable that is already been tagged as 'Malware' , why don't we receive an email confirmation from the platform acknowledging the receipt or change of the

[Cortex XDR] - I Want to monitor the file creation, modification, removal, etc. under the specified path through the BIOC Rule.

Dear Everyone,

I would like to use the XDR BIOC Rule to block the host from creating, editing, deleting, renaming, etc. files in specific file paths.

I tried to write a BIOC Rule but found that it can't be successfully applied to the Restrictions p

BIOC not supported

Good afternoon,

I'm trying to create a BIOC rule that tells me when users are trying to access the wetransfer.com and dropbox.com DNS. To do this, I generated the following XQL. When run, it shows me the logs of the connections to these DNS.

data

On-demand file Examination policy

Hi,

I've got 3 questions.
1. I want to schedule a daily scan on servers with cortex xdr, I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day mapping them to the same servers but some are bein

Legacy Agent Exceptions or New menu??

Hi, what's your opinion?

Legacy Agent Exceptions or Global Exceptions Menu??

What's the difference? Which one is better?

Some support people suggest activating Legacy in Cortex XDR #, but I'm not sure if I should. Would I lose any of the settings

Alert for Any PowerShell Script Execution in Cortex XDR

Hi Cortex XDR Community,

I want to set up an alert in Cortex XDR that triggers whenever any user runs a PowerShell script. The alert should activate for any script or command executed in PowerShell, regardless of the user or specific script.

Is there

Custom Parsing Rule - Cohesity

This was a fun project. Looks like it is mostly working correctly. Cohesity syslogs come in as a big blob in one field so I messed with some parsing rules to give them their own datasets

The only known issue I'm seeing so far is the logs get dupl

Scanning Linux host, only scans a portion of the FS

Hello there,

I recently initiated a Malware scan on a linux host and when I went to see the results I see that it seems that it scan only two dirs (/opt, /usr) only.
Why is that the case?

The host has more directories of course and there are multiple

Role based privilege's

Dear Team,

As per the client requirement, Kindly suggest for the role based privilege's that can be assigned L1 and L2 users accordingly.

where L1 is lower level engineer and L2 is above L1.