some of endpoints might be exposed to risk due to report-only policies
Dear Team,
While logging in to my organizational XDR console, there is an attention message displayed - image added.
If you guys have an answer, please share it with me - Thanks
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.
Hello All
I would like to use Asset Inventory to provide a list of each machine with Windows OS and without the Cortex agent installed.
The goal is to use the result in a widget for the dashboard if possible. Even better would be an API to use it with
...
Hello,
We are very new to having XDR and our onboarding was not very well done. They ended up doing everything on their own and struggling with it all; having multiple people on the call to show our onboarder how to do things, etc... It was not ver
...
Hi Team,
Could you please provide us with the XQL query to retrieve the reasons behind the "Agent Disconnected" and "Connection Lost" statuses from Cortex XDR? I have attempted to create a query, but I haven't obtained any results. Please assist me
Is it possible to group\count\summarise results from an XQL query by hostname rather than seeing every entry for every event?
for example:
dataset = xdr_data
| filter event_type = FILE and
actor_process_image_name contains "Something"
is there som
...
Hello dear community,
today I ran into some issues with the version mentioned above. I know it got hotfixed, but when you cannot install an upgrade and cannot uninstall the agent, I get challenged
You need to uninstall it directly after restart,
...
Hi All,
I have 3 Broker VMs deployed in my Google Cloud project and I want to create a cluster from them. I also want to put a load balancer in front of the cluster as mentioned in the documentation "For "active/active" applets that require load b
...
I am aware of "Disk Encryption Visibility" where we can see the encryption status all volumes under any endpoints. But it appears we can't filter on this field (Volumes Status).
Is there any way at all to programmatically answer a simple question l
...
How to prevent or block malicious files while downloading from the internet in Cortex XDR. Cortex XDR will only block a malicious file when it executes, but I want to block malicious files before execution, similar to Windows Defender which can d
...
Hi team!
Does anyone have or have had a situation where the applet local agent settings show "Denied url: URL_HERE"?
Sometimes for short periods of time (around 5-30 seconds) our broker VMs turn on in red the applet and we can see the message
...
Hello,
I'm looking for best practices or guides on how to add exceptions and exclusions in Cortex XDR.
All I found was this LIVEcommunity video - https://www.youtube.com/watch?v=dlbxibEtxR8, but it was added before Disable Prevention Rules was availa
...
Is it possible to XQL query XDR management audit logs? I'd like to create a dashboard to track console events like logins, endpoint isolations, malware scans, etc.
Hello team,
Hopefully someone can help me with my problem. I have a list of application names from Host Insights but I can't find the sha256 of the files anywhere.
I need to investigate them to see if they are malicious or not.
I used the fol
...
Hello dear community!
From my perspective, this documentation brings more questions than answers.
It is written that Cortex does not collect CVEs for Applications.
"
Hi everyone.
I want to join alerts and incidents table to list all True Positive incidents along with their alerts (I need Prevention/Detection status of alerts of each incident). Is there a way to achieve this?
Thanks in advance!