Hi,
I can't seem to find what I'm looking for in the Cortex XDR console. I am trying to find a way to view all alerts generated whether it is from XDR or Analytics. The only way I can see this list is if I create an exclusion Investigation --> Exclus
...
We have resolved some alerts in Cortex XDR by adding the initiator path to allow list of specific policy but those alerts are not visible in the Cortex XDR alerts console anymore and neither in the management logs.
Cortex XDR @Cortex-support
Hi people,
1) I have installed the cortex XDR on end user PC and when I tried to scan email attachment on the end user PC I am not able to see any option to scan email attachment. I am a system Admin and I want the end user to scan email attachment w
...
Integration of Cortex XDR with the SIEM (Microsoft Azure) solution
Had a few queries regarding it:-
1. Supported integration methods & recommended integration methods for integration with Microsoft Sentinel.
2. What all logs can be forwarded (eg: Ale
We upgraded our clients from version 7.7.X to 7.8 and things like Visual Studio and Gitkraken and homegrown apps fail to run. No logs and really no errors other than just crashes or freezes. I pause XDR Agent and it runs fine. Anyone else experience
...
Hi all,
Has anyone ever had it where an agent will lose connectivity with the management console and will not reinstall afterwards?
I have an endpoint that lost connectivity with the console. Would not check back in. I removed it via the Control P
...
Hi there,
Recently I have received a request from client that they would like group endpoint automatically by the installation package, just like their previous deployment of their existing endpoint agents. Since it is much less admin overhead and
...
Hello ,
What could be the possible reasons for outdated content version despite the agents running in the latest agent version .
Looping in queries , Hi , I want to able to query if a particular command was executed after another one . For example if sudo was executed and then another command . How do i query that ?
Hello once again,
Does anyone know if it is possible to customize the message that is sent to the endpoint when it is isolated?
Currently XDR just displays a message for 5 seconds that says 'The Cortex XDR agent has stopped network access on your
Hello,
I have a little issue and I don´t know how to solve it.
Hopefully someone knows a hidden or 'unofficial' feature of XDR regarding this.
Briefly explained the structual background:
I am logging from diffrent Forti Firewalls into the XDR, thi
https://twitter.com/VirtualAllocEx/status/1599048829084794880?s=20&t=V1OyrvuCbhYez-wkSXNk1A
Or ist there a rule ready for this?
BR
Rob
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/customizable-agent-settings/endpoint-data-collected-by-cortex-xdr
BR
Rob
Hello ,
Wanted to know if XDR has the capability to view network packets (pcap) or to push out network policies, block traffic, visualization of network data etc.
My goal is to determine which device/user has used Sanctioned and non-Sanctioned cloud storage, e.g., Onedrive, SpiderOak, NextCloud, Syncthing.
There is a feature in Microsoft Defender for Cloud Apps that i'm hoping to find in Cortex, which contains
