CorteXDR License Pro - Send Event

The Pro per Endpoint license includes the option "Send Security Event from other data sources."
Why don't I have the Syslog option in BrokerVM?

Thank you very much for your suggestions and answers.

Cortex XDR - Automation Rules

Greetings,

Im trying to configure "Automation Rules" to "High" severity issues for the automatic isolation of endpoints.

Right now its configured as the following images show, but theyre not triggering the playbooks nor rules.

¿Any ideas or sugge

high priority 'Behavioral Threat' alert for smss.exe (system)?

Every few weeks or so getting a high priority alert:

xql query for process

Hi. i just try to do some basic threat hunting. 

dataset = xdr_data
| filter action_process_image_name in ("a.exe", "b.exe")
| fields agent_hostname, actor_effective_username, action_process_image_name, action_process_image_command_line , _time
| sort d

Integration With Other SIEM

Hello,

I want to integrate Cortex XDR with Logrythm (on-prem) problem is the SIEM can't open access to internet, is there any solution ? 

Thank You

Cortex XDR markertspace

"I recently installed the Microsoft Teams add-on in Cortex XDR markertspace, but I'm not sure how to configure it or where to navigate. After adding the add-on, where can I find it and how can I use it?"

Cortex XDR update from V3 to V4

Hello everyone!

Hope you're doing it great.

This week on my cortex XDR console a notification appeared saying that an update to the V4 of the tenant is available.

That sounds great, but I'm concerned about what's the impact on my already deployed

Monitoring PowerShell Command

Hello everyone!
I received an alert about PowerShell with the DCsync rule.
I'd like to check if I can see the code that PowerShell executed.

I can only see the "PowerShell_ise.exe" process. I don't know what code or command generated the alert.

There

How to find duplicates incidents

Hello! I would like to ask if anyone can help me find duplicate incidents based on key value pairs in Context data?

Parsing rule for tagging data from a specific broker-vm

reminder for subscription renewal

I'd would like to to know if any reminder process is in place for up coming subcription renewals. We had a cortex edr subscription and the subcription didnt generate any warnings (neither visual within the portal nor a via an enail) and silently we

Scan SharePoint Sites or other cloud storage using Cortex

Dear community,

Recently I noticed there are some suspicious files in some of our SharePoint folders. I'm wondering if it's possible to somehow scan SharePoint sites, network shares, or even other cloud storage using Cortex!

BR,

Storage Device Management

We are in the process of blocking USB Storage devices using Cortex XDR. We have the Device Configuration Extension Policy setup with the settings we want. The issue that we have is that it can only be Allowed or Blocked. How can we set to just monito