Failed to load license data

Since our recent renewal, which is reflected in Assets in the support portal, attempting to Cortex XDR results in an error message of "Failed to load license data or license is expired."

Background: We recently renewed our Cortex XDR Pro license. W

XQL Query - Union between Alerts and Incident datasets

Hi

I want to write an XQL query wherein i will be able to get both details of incident and Alerts in one table.

I want to correlate Incident ID and Description with the tables found in Alert dataset like CGO, Initiated by, Action process etc

XDR USB Activities

Hello, 

I have a few questions and I would be happy If you answer them. 

Questions:

1. In device control tab of Cortex XDR, I  can easily turn DIsk Drives to read mode. It is okey and working when I am doing this. I cannot delete any file, write or

XQL quey help

Hello everyone, 

I would like to replicate some queries in Cortex using XQL, but I have many doubts with this language and I am arguing with it 

Example:

T1140 Deobfuscate/Decode Files or Information 

Host insights enabled, yet only 12% have any CVE information. How to troubleshoot?

We've been running XDR Pro per endpoint since late 2022 with the host insights add-on licensed and enabled for all endpoints.
CVE data exists for around 12% of the endpoints and include every OS, etc... no rhyme or reason why some work, but most do no

How Cortex XDR alert/incident severity is decided or generated on tool

Hello all,

Please help me to understand how Cortex XDR assign the severity to incident and alert.

Cortex XDR agent does not send alerts if an event happen when computer is disconnected from network

Hi everyone,

If an event is triggered in a computer without connection, nothing is sent to the console when the computer recovers the connection.

My concern is how I will be alerted if something happens when a computer have no network.

I realiz

BIOC Block executables based field "Process_File_Info"

Hello,

I would like to know if any of you have struggled with support and technical cases with the need I show below.

I would like to know what you can tell me or give me your opinion of blocking executables based on static metadata using the “Proces

Unit 42 Palo Alto integration with SIEM particularly ?

How can we integrate Unit 42 Palo Alto with SIEM particularly Microsoft Sentinel?

Regards,

Shashank

Python Script isn't being executed completely in Cortex XDR

Hi,

I'm trying to use a Python script in Cortex XDR to execute a certificate installation on Windows machines.

The main goal is to import a certificate.p12 with a password to be installed in all the Windows. However, the script is not behaviour as expe

Cortex XDR Pro - Ransomware Protection normal or aggressive

Hello dear community members!

which setting do you prefere? Were there any showstopper with aggressive mode? Which one?

BR

Rob