HELP With XQL Query to fetch All Assets

Hello Everyone, 
I want to fetch all assets from asset inventory using XQL query but I am unable to find a suitable dataset for it. Can someone please help with XQL Query to fetch all the assets. 

Thank you 

Cortex XDR 

Cortex XDR Integration with NGFW

Hello, 

I have Cortex Pro per GB license and NGFW. I have successfully created certificate and it is showing as valid in XDR console. I have created a profile which is sending logs to Data Lake. I have applied it on many policies. But I cannot get

Maximum file size for hash calculations

What is the maximum file size for hash calculations in both XDR data and Insight Hosts files database? Thanks. 

Prevention Policy Rules Time to update?

Hey,  

I've configured a Prevention Policy Rules to apply on windows endpoints which have a tag = myname.
How long should it take to apply on these endpoints ?
For example if I go to "All endpoints" in the "Assigned Prevention Policy" I still see the ol

Creating disable prevention rule for Alerts with different sha256 but all other values were same

We have created a disable prevention rule for a few Cortex XDR agent-blocked alerts because they were false-positive.

However, we recently received 2 new alerts with the same fields as the ones for which we created the disable prevention rule.

I only

Cortex XDR Ransomware Protection - Protection Mode "Aggressive" vs "Normal"

Hello 

Is there the cheat sheet of comparison of Ransomware Protection Mode "Aggressive mode" vs "Normal". I have no idea key differences between "Aggressive" and "Normal" mode. I need to that cheat sheet in my report. Anybody can provide or Do Pal

Alert to Incident

Hey dear community, 

do I have the chance to elevate a alert to an incident? I tried allready to set the severity of an alert to critical, but nothing happened. This alert doesn't get an Incident ID. 

I thought this was possible in the past, but

Cortex XDR does not show file name

Hello everyone, 

I have an incident and when I open related logs, it is showing large upload. I can see a bunch of logs which indicates that someone has uploaded 53 mb file to amazon or one drive. I saw destionation host as ........amazon.com and i

XQL Query to find bugcheck (BSOD) entries in event logs

We are experiencing a few BSOD events when auto-upgrade pushes new agents.

Anecdotally, it only seems to happen to a small number of machines and well below 1% of the total XDR estate, however this is anecdotal and I keep getting challenged that "only

ITDR Honey Users for Cloud Identities

Hi Everyone

We're using ITDR module and are manually assigning asset role as described here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Asset-Roles

Only on-premises identities from AD can be assigned to asset r

SynRpcServer.exe in System32 folder

Hi,

I got an alert "Globally rare process execution from a signed process" and after investigating the process is SynRpcServer.exe

Growth of ARM processors in Windows Ecosystem

With the continual growth and development of ARM in the windows sector there is a clear demand for a Cortex XDR Agent for Windows on ARM. This also impacts virtualisation on Macs and other devices with ARM processors.

Is there an roadmap for considera

Laptops dynamic group

I am looking for an efficient way to create a dynamic group for laptops only in the XDR console. So far, my only idea is to add a laptop tag during installation and then group by the tag. Is there an automated way to have XDR report the portable plat