Discussions
Visualize Running processes through XQL and send alert?
Hello dear community!
is it possible to visualize through XQL a prozess which was not terminated and is still running?
In the causality view it is visualized, but I would need it to create a alert.
If a special process is still running, get a mail
...Resolved! Cortex XDR Alerts
Hi,
I can't seem to find what I'm looking for in the Cortex XDR console. I am trying to find a way to view all alerts generated whether it is from XDR or Analytics. The only way I can see this list is if I create an exclusion Investigation --> Exclus
...Cortex XDR Alerts not found after resolving
We have resolved some alerts in Cortex XDR by adding the initiator path to allow list of specific policy but those alerts are not visible in the Cortex XDR alerts console anymore and neither in the management logs.
Cortex XDR @Cortex-support
Cortex XDR
Hi people,
1) I have installed the cortex XDR on end user PC and when I tried to scan email attachment on the end user PC I am not able to see any option to scan email attachment. I am a system Admin and I want the end user to scan email attachment w
...Integrate Cortex XDR with the SIEM (Microsoft Azure) solution
Integration of Cortex XDR with the SIEM (Microsoft Azure) solution
Had a few queries regarding it:-
1. Supported integration methods & recommended integration methods for integration with Microsoft Sentinel.
2. What all logs can be forwarded (eg: Ale
Help! Upgraded to 7.8.1.11343 now all clients can’t run certain applications
We upgraded our clients from version 7.7.X to 7.8 and things like Visual Studio and Gitkraken and homegrown apps fail to run. No logs and really no errors other than just crashes or freezes. I pause XDR Agent and it runs fine. Anyone else experience
...XDR agent install rolls back
Hi all,
Has anyone ever had it where an agent will lose connectivity with the management console and will not reinstall afterwards?
I have an endpoint that lost connectivity with the console. Would not check back in. I removed it via the Control P
...Adding Endpoint to Dynamic Group by "Installation Package" Name
Hi there,
Recently I have received a request from client that they would like group endpoint automatically by the installation package, just like their previous deployment of their existing endpoint agents. Since it is much less admin overhead and
...
Outdated content update
Hello ,
What could be the possible reasons for outdated content version despite the agents running in the latest agent version .
Regarding running of command
Looping in queries , Hi , I want to able to query if a particular command was executed after another one . For example if sudo was executed and then another command . How do i query that ?
Resolved! Customize the Endpoint Isolation message
Hello once again,
Does anyone know if it is possible to customize the message that is sent to the endpoint when it is isolated?
Currently XDR just displays a message for 5 seconds that says 'The Cortex XDR agent has stopped network access on your
External Alerts Mapping, Alerts are always assembled to one Incident
Hello,
I have a little issue and I don´t know how to solve it.
Hopefully someone knows a hidden or 'unofficial' feature of XDR regarding this.
Briefly explained the structual background:
I am logging from diffrent Forti Firewalls into the XDR, thi
May this cmd for password query could find into a content update?
https://twitter.com/VirtualAllocEx/status/1599048829084794880?s=20&t=V1OyrvuCbhYez-wkSXNk1A
Or ist there a rule ready for this?
BR
Rob
Resolved! Docs 5059 etc. missing in the middle column
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/customizable-agent-settings/endpoint-data-collected-by-cortex-xdr
BR
Rob
