-
Demisto : How to display List of Messages
Hi Team, I am usingcreate_incident API to create incidents. Below is the sample code. I can create an incident...
10-22-2020 Posted by JSannake0 Replies0 Likes68 Views
-
What the different of alert sources and definition of its.
XDR Analytics BIOCXDR BIOCPAN NGFWXDR IOCXDR AnalyticsXDR Managed Threat HuntingXDR Agent
09-21-2020 Posted by Komdet1 Replies0 Likes446 Views
-
Web filtering in Cortex?
Hello,We have just recently implemented Cortex XDR for endpoint protection and have a question about web filte...
10-21-2020 Posted by bsuprai0 Replies1 Likes101 Views
-
Bitlocker Encryption Status Only
I was reading about the new Bitlocker functionality in the new release. We have Bitlocker already deployed in ...
04-22-2020 Posted by hhiggins8 Replies0 Likes1937 Views
-
Grok Filter for Syslog entries
Does anyone have a Grok filter compatible with Cortex XDR syslog entries?I'm piping Cortex XDR syslog into log...
10-11-2020 Posted by sam_miller5 Replies0 Likes213 Views
-
Cortex XDR agent Consuming full resource while scanning
Hi All,Cortex XDR agent consuming my full resource while scanning. Did anyone face this kind of issue?I am usi...
10-15-2020 Posted by CyberEye0 Replies0 Likes102 Views
-
Updating Cortex Agent 7.2 fails
Good morning,I'm running into issues trying to update the cortex agent on some of our physical machines runnin...
10-02-2020 Posted by DJohnson842 Replies0 Likes262 Views
-
How to check receive log from fortigateVM64 on VM broker sy...
How to check receive log from fortigate VM64 on VM broker syslog collector?I setup log fortigate VM64 pattern ...
10-12-2020 Posted by Poobes0 Replies0 Likes94 Views
-
Cortex XDR Prevent Did Not Detect ncat
Hello I am new to Cortex XDR. I tried ncat on a PC with Cortex XDR Prevent (with Windows Defender) and it did ...
08-22-2020 Posted by tech_noob8 Replies1 Likes1115 Views
-
Server certificate for host is not allowed
hi,I have this message on more windows server 2019(vmware environnement), after install cortex 7.1:Server cert...
10-01-2020 Posted by WilliamFoisseau2 Replies0 Likes310 Views
-
Endpoint shown as 'Connection Lost' - cannot reach
I have a user (my boss) who is one of several endpoints with a status of 'Connection Lost'. I'm not actually a...
09-29-2020 Posted by TimGowen2 Replies0 Likes320 Views
-
.zip files Cortex XDR PRO
Hi community,Can cortex detect and analyze .zip files with password and delivered via email?
09-29-2020 Posted by marcelocampos0 Replies0 Likes190 Views
-
Cortex XDR unable to detect nbns spoofing using kali linux r...
Hello, I am new to Cortex XDR, I just installed it. I tried nbns spoofing on a pc with Cortex XDR and it did n...
08-13-2020 Posted by tech_noob5 Replies1 Likes1095 Views
-
Conflicts with Third Party Encryption Application
It appears that Cortex XDR does not play well with the existing encryption product we use. There is no indicat...
09-26-2020 Posted by EddieRowe0 Replies0 Likes183 Views
-
Cortex XDR folder exclusion
Hello,does anyone know if it is possible to exclude an entire folder on a Windows machine from Cortex XDR scan...
08-24-2020 Posted by DanieleGerola4 Replies1 Likes890 Views
-
Best way to exclude legitimate behaviours
When it comes to excluding legitimate behaviours from BIOC rules, as far as I can see, there are 3 options:Mod...
09-25-2020 Posted by BenHooper0 Replies0 Likes202 Views
-
prevent exe application to install in a system via cortex xd...
Hi,Can we prevent any .exe for e.g. anydesk application for installation in a system if the cortex XDR agent i...
09-02-2020 Posted by OsamaKhan9 Replies0 Likes1031 Views
-
Timeframes for BIOC rules
It'd be very useful for things like failed logons or network connection attempts if BIOC rules could utilise t...
09-23-2020 Posted by BenHooper0 Replies2 Likes241 Views
-
Powershell script for XDR agent removal?
Would anyone happen to have an example of a powershell script that'll assist in removing the XDR agent? Thanks...
09-18-2020 Posted by CraigV1231 Replies0 Likes331 Views
-
File reads not returned
The file event search is supposed to support reads but I've never seen it work.Is this a known problem?Example...
09-22-2020 Posted by BenHooper0 Replies0 Likes188 Views
-
Mitre ATT&CK techniques missing
After reading https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information...
09-22-2020 Posted by BenHooper0 Replies0 Likes194 Views
-
App-ID for endpoint-based BIOC rules
Currently, BIOC rules can be created for "NETWORK" (endpoint-based) or "NETWORK CONNECTIONS" (NGFW-based) but ...
09-22-2020 Posted by BenHooper0 Replies0 Likes180 Views
-
View general forensic timeline for endpoint
Is it possible to view the forensic timeline for an endpoint in general, not only for information that the sys...
09-22-2020 Posted by BenHooper0 Replies0 Likes180 Views
-
In-shell PowerShell commands not captured
As of at least 2020/07/10, I've only ever seen Cortex XDR capture PowerShell commands were included as paramet...
09-22-2020 Posted by BenHooper0 Replies0 Likes183 Views
-
Authentication BIOC rule
Currently, I can create one-off or scheduled queries for authentication data / events but not BIOC rules which...
09-22-2020 Posted by BenHooper0 Replies0 Likes208 Views
-
Can paloalto network Cortex XDR endpoint protection replace ...
Our company just got this Cortex endpoint protection but it seems to me like it is just a endpoint management ...
09-20-2020 Posted by chetan850 Replies0 Likes578 Views
-
Cortex XDR content update
Hi Team,How to check and find cortex xdr content update release date? Cloud portal only showing the version an...
09-07-2020 Posted by Marsooq_A4 Replies0 Likes587 Views
-
Command line to set a Proxy_List to an already installed Cor...
Hi.Does anyone know if there is a command line to set a proxy to an already installed version of Cortex XDR?I ...
09-15-2020 Posted by MartinCimone2 Replies0 Likes535 Views
-
Force policy check in Cortex XDR
Hi,Is there any way to force a policy check on an endpoint?I have created a new Policy Rule and assigned a new...
09-09-2020 Posted by MartinCimone10 Replies0 Likes973 Views
-
XDR Prevent 7.2.0 Performance Issue on Win10 x64 v1903?
Has anyone upgraded to the 7.2.0 agent yet that has experienced performance issues? Like most persons our envi...
09-15-2020 Posted by EddieRowe0 Replies0 Likes241 Views
