XDR Legacy Agent Exception's behavior

Hi,

We have confirmed through the official manual that XDR does not perform evaluation on files or paths allowed under XDR Legacy Agent Exception.
What I would like to know is whether files covered by a Legacy Agent Exception policy also do not genera

How to delete Endpoints that have old agent and could not be uninstalled

Hello,

I have 2 endpoints with old version:

- 7.3.0.16740 on a server

- 8.6.0.3704 on a computer

I could not upgrade them and have no more access to those computers (in another country).

I asked admin to uninstall, he did not.

How to remove link betw

Cortex Endpoint Isolation - Allowing Microsoft Intune

Anyone have tips on figuring out how to allow exceptions to successfully communication over the internet while an endpoint is in isolation? I would like Microsoft Intune to be able to continue to reach the device while the device is in isolation for

Parsing Rule - SonicWall NGFW

Your mileage may vary. Here's what I came up with 

Yellow Dot

What does the yellow dot mean? I see it in the Artifacts area and in the Assets portion.

Allowing access to a specific IP while blocking the rest of IPs in XDR host firewall

Is there a way to allow access to only one IP on an endpoint while blocking all the other IPs at the same time in xdr host firewall.

I tried using the official documentation , but it's not working

we have a XDR console, in the console there is no system serial number, gateway ip.

we have a XDR console, in the console there is no system serial number, gateway ip.
Cortex XDR Cortex XSIAM 

CorteXDR License Pro - Send Event

The Pro per Endpoint license includes the option "Send Security Event from other data sources."
Why don't I have the Syslog option in BrokerVM?

Thank you very much for your suggestions and answers.

Cortex XDR - Automation Rules

Greetings,

Im trying to configure "Automation Rules" to "High" severity issues for the automatic isolation of endpoints.

Right now its configured as the following images show, but theyre not triggering the playbooks nor rules.

¿Any ideas or sugge

high priority 'Behavioral Threat' alert for smss.exe (system)?

Every few weeks or so getting a high priority alert:

xql query for process

Hi. i just try to do some basic threat hunting. 

dataset = xdr_data
| filter action_process_image_name in ("a.exe", "b.exe")
| fields agent_hostname, actor_effective_username, action_process_image_name, action_process_image_command_line , _time
| sort d

Integration With Other SIEM

Hello,

I want to integrate Cortex XDR with Logrythm (on-prem) problem is the SIEM can't open access to internet, is there any solution ? 

Thank You

Cortex XDR markertspace

"I recently installed the Microsoft Teams add-on in Cortex XDR markertspace, but I'm not sure how to configure it or where to navigate. After adding the add-on, where can I find it and how can I use it?"