Install Cortex Agent on on-prem k8s

Hello, 

Anyone have experience installing XDR agent on on-prem cluster with docker installed.

The agent compatibility matrix mentioned XDR version 8.6 is supported 

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matr

Cortex Installed

expensive,

Would you have an xql where it brings from the machines in my park which ones have the cortex installed or not?

Unable to install Cortex XDR agent!

We are encountering an error during the installation of the Cortex XDR agent on one of the machines.

"Cortex xdr requires rollback/Commit to be enabled"

Could you kindly provide the solution to resolve this issue?

Cortex XDR 

Difference between system reboot and agent services off

Hi,

We have to configure 3 alerts that are sent via email.

Condition 1:

When cortex agent services are stopped then raise an alert via email.

Condition 2:

When system is powered off/turned off then wait will 10 minutes, if systems do not come b

XQL: Anyone has working example of building analytics on XQL query?

We want to build analytics using XQL where we could find or create an alert if certain behavior has occurred for the first time on endpoint.

Currently, we use external help where we run XQL schedule query and then retrieve results and run python sc

cortex broker log collector in HA Active Pasive

Good morning, dear friends,

I am facing the challenge of installing 2 broker VMs in HA (Active - Passive) as Log Collectors to receive logs from different data sources. My biggest concern and doubt is the configuration of the HA architecture of the

Upgrade Cortex XDR Agent VDI workstation through Console

Hi peeps, 

Just checking, I've noticed today that I can initiate upgrade cortex agent for VDI workstation through console (from 8.4.1 to 8.5.1 version). Even on the pop-up agent upgrade there's still note saying "Note: VDI and Android agents cannot

How to SSH Broker VM use password

hello, I want to use ssh to access broker vm using a password instead of using a public key. can someone help me?

Cisco DUO logs ingestion and integration in XDR

Hi 

How can we request Cisco Duo logs ingestion and integration in XDR, same as OKTA and PingID. ?

Cortex XDR 

How to configure for assessed the Suspicious Process on Cortex XDR that need to monitor and logged because customer don’t need to exclusion?

Hi Members,

     Please advise. How to configure for assessed the Suspicious Process on Cortex XDR that need to monitor and logged because customer don’t need to exclusion?

Thanks & regards,

Jirapan M.

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

Hi , 

How to check for the below actions in xql builder.

please help in developing a query 

1. The attacker sends a DCE/RPC request to the Victim Server Machine
2. The Victim is triggered to send a DNS SRV query about SafeBreachLabs.pro
3. The Attacker’s DNS