Cortex XDR Integration with NGFW

Hello, 

I have Cortex Pro per GB license and NGFW. I have successfully created certificate and it is showing as valid in XDR console. I have created a profile which is sending logs to Data Lake. I have applied it on many policies. But I cannot get

Maximum file size for hash calculations

What is the maximum file size for hash calculations in both XDR data and Insight Hosts files database? Thanks. 

Prevention Policy Rules Time to update?

Hey,  

I've configured a Prevention Policy Rules to apply on windows endpoints which have a tag = myname.
How long should it take to apply on these endpoints ?
For example if I go to "All endpoints" in the "Assigned Prevention Policy" I still see the ol

Creating disable prevention rule for Alerts with different sha256 but all other values were same

We have created a disable prevention rule for a few Cortex XDR agent-blocked alerts because they were false-positive.

However, we recently received 2 new alerts with the same fields as the ones for which we created the disable prevention rule.

I only

Cortex XDR Ransomware Protection - Protection Mode "Aggressive" vs "Normal"

Hello 

Is there the cheat sheet of comparison of Ransomware Protection Mode "Aggressive mode" vs "Normal". I have no idea key differences between "Aggressive" and "Normal" mode. I need to that cheat sheet in my report. Anybody can provide or Do Pal

Alert to Incident

Hey dear community, 

do I have the chance to elevate a alert to an incident? I tried allready to set the severity of an alert to critical, but nothing happened. This alert doesn't get an Incident ID. 

I thought this was possible in the past, but

Cortex XDR does not show file name

Hello everyone, 

I have an incident and when I open related logs, it is showing large upload. I can see a bunch of logs which indicates that someone has uploaded 53 mb file to amazon or one drive. I saw destionation host as ........amazon.com and i

XQL Query to find bugcheck (BSOD) entries in event logs

We are experiencing a few BSOD events when auto-upgrade pushes new agents.

Anecdotally, it only seems to happen to a small number of machines and well below 1% of the total XDR estate, however this is anecdotal and I keep getting challenged that "only

ITDR Honey Users for Cloud Identities

Hi Everyone

We're using ITDR module and are manually assigning asset role as described here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Asset-Roles

Only on-premises identities from AD can be assigned to asset r

SynRpcServer.exe in System32 folder

Hi,

I got an alert "Globally rare process execution from a signed process" and after investigating the process is SynRpcServer.exe

Cortex XDR Agent in a Non-Persistent VDI and Paths Outside the Gold Image

Hello everyone.

We have recently experienced a problem in a non-persistent VDI infrastructure where we have many terminal servers used by users.
These users may be using portable software that resides on shared folders and when the users use this soft

Growth of ARM processors in Windows Ecosystem

With the continual growth and development of ARM in the windows sector there is a clear demand for a Cortex XDR Agent for Windows on ARM. This also impacts virtualisation on Macs and other devices with ARM processors.

Is there an roadmap for considera

Cortex XDR on Citrix non-persistent multi-user server

Hi community

Quite often we have issues with cortex xdr on citrix infrastructure. Currently meinly with windows server 2022 we are in the situation where it is not possible to run cortex at all because of possibel servercrashes which are not yet anal