XDR on-write exclusions
Hi,
Is it possible to exclude certain executables and their hashes from on-write protection on Cortex XDR?
Hello, I'm trying to create an XQL query that will show all alerts, as opposed to incidents. Is that possible?
I kindly request guidance on how to ingest Prophaze WAF logs into the Cortex console. If possible, could you guide me on how to proceed with this integration? Additionally, please share any related documents or resources that could be helpful in this process.
Hello,
Can you help with the difference between the Critical Environment and the normal version of Cortex XDR?
When should an organisation use the Critical Environment?
Regards,
Shashank Sinha
Hello,
Currently I am monitoring USB device use within my tenant, with the following query:
config case_sensitive = false
| preset = device_control
| join (dataset = endpoints ) as EP EP.endpoint_name = agent_hostname
| filter event_sub_type = ENUM
...
Good morning,
We want to schedule automatic scans for some servers; we already have a malware profile created that runs these scans. The problem is that it only generates a log saying the scan was done, but no report as such. Is there any way to
...
Hi Family,
Please provide a Cortex XDR query to efficiently filter incidents with high and medium severity, including artifacts, dates, endpoint names, and IP addresses.
Cortex XDR
regards
19/01/2024 11:31:34 209 Information The Winrm service started successfully
19/01/2024 11:31:34 208 Information The Winrm service is starting
19/01/2024 11:31:33 212 Information The Winrm service was stopp
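The three WinRM service events above are the kind of Windows log lines a SOC analyst would want to parse and correlate rather than read by eye: a stop followed within seconds by a start is a service restart, while a stop with no matching start leaves remote management down. The following Python is an added example and not code from the page or from Palo Alto Networks; it parses the `dd/mm/yyyy HH:MM:SS <event id> <level> <message>` layout shown above and pairs stop events with the next start. The sample lines are constructed from the page (the message text of event 212 is truncated there and is assumed below), and the meaning assigned to event IDs 212 and 209 is likewise an assumption taken from those lines; the detection keys on the event ID, not on the message text.

```python
import re
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample based on the three WinRM service events quoted above.
# The page truncates the message of event 212; "was stopped" is assumed here,
# but the logic below keys on the event ID, not on the message text.
SAMPLE_LOG = """\
19/01/2024 11:31:34 209 Information The Winrm service started successfully
19/01/2024 11:31:34 208 Information The Winrm service is starting
19/01/2024 11:31:33 212 Information The Winrm service was stopped
"""

# Event IDs as they appear in the sample (assumed to mean stopped / started).
WINRM_STOPPED = 212
WINRM_STARTED = 209

LINE_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<id>\d+) (?P<level>\w+) (?P<msg>.*)$"
)


@dataclass(frozen=True)
class Event:
    ts: datetime
    event_id: int
    level: str
    message: str


def parse_events(text: str) -> list[Event]:
    """Parse lines in the 'dd/mm/yyyy HH:MM:SS <id> <level> <message>' layout.

    Lines that do not match are skipped rather than raising, so a partial export
    still parses. The export is newest-first; output is sorted oldest-first, and
    the sort is stable so events with equal timestamps keep their export order.
    """
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        events.append(Event(
            # Day-first date, as in the export above.
            ts=datetime.strptime(m["ts"], "%d/%m/%Y %H:%M:%S"),
            event_id=int(m["id"]),
            level=m["level"],
            message=m["msg"],
        ))
    return sorted(events, key=lambda e: e.ts)


def find_restarts(events: list[Event],
                  window: timedelta = timedelta(seconds=60)) -> list[tuple[datetime, datetime]]:
    """Return (stop_time, start_time) pairs where WinRM was stopped and then
    started again within `window`. A stop with no matching start is not paired;
    that case (remote management left down) deserves its own alert."""
    restarts = []
    pending_stop = None
    for e in events:
        if e.event_id == WINRM_STOPPED:
            pending_stop = e.ts
        elif e.event_id == WINRM_STARTED and pending_stop is not None:
            if e.ts - pending_stop <= window:
                restarts.append((pending_stop, e.ts))
            pending_stop = None
    return restarts


if __name__ == "__main__":
    evs = parse_events(SAMPLE_LOG)
    for stop, start in find_restarts(evs):
        print(f"WinRM restarted: stopped {stop:%H:%M:%S}, running again {start:%H:%M:%S}")
```

On the sample, the 212 event at 11:31:33 is paired with the 209 event at 11:31:34, so one restart is reported; feeding only start events, or using a zero-length window, yields nothing.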
Hello there,
I've defined multiple IP address ranges in the Assets module of the Cortex XDR console.
Some ranges belong to the same factory.
The ranges are named like this:
FactoryName - VlanName
We have multiple units.
Some units contain multiple
...
After our Cortex XDR tenant was upgraded to 3.9 we started receiving the following error: "License Violation warning Based on a 7 day average calculation from February 24th 2024 to March 1st 2024, your daily ingestion quota is exceeded."
Looking at
...
Hey everyone,
Is there a way to bypass the onboarding wizard screens that you see when setting up the app and just configure it with Intune? If not, we'll have to manually walk through these settings on potentially thousands of devices.
Dear Team,
The customer is trying to deploy the XDR agent on multiple Windows devices through SCCM, but first he wants to create a .bat file for the agent so the installation can be pushed through the centralized tool.
Can anyone help me on ho
...
Hi
I have a question about Cortex XDR. My entity has implemented Cortex XDR, but I need to know whether XDR has any DLP capability. Can I use XDR for DLP?
Regards,
Salivan
Hi All,
Does XDR have the capabilities below?
I know it has DF with the Pro license; I just wanted to know more about it. Also, can we just click on it and enable it on the license page, or does it requi
...
Does anyone know which dataset is used for cloud inventory?
I can't seem to find the dataset meant for cloud inventory, specifically for AWS.
Does anyone know if this is even available for XQL searches?
Also, I can't seem to have an asset widget for manag
...