XQL Query to find bugcheck (BSOD) entries in event logs

We are experiencing a few BSOD events when auto-upgrade pushes new agents.

Anecdotally, it only seems to happen to a small number of machines and well below 1% of the total XDR estate, however this is anecdotal and I keep getting challenged that "only

ITDR Honey Users for Cloud Identities

Hi Everyone

We're using ITDR module and are manually assigning asset role as described here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Asset-Roles

Only on-premises identities from AD can be assigned to asset r

SynRpcServer.exe in System32 folder

Hi,

I got an alert "Globally rare process execution from a signed process" and after investigating the process is SynRpcServer.exe

Growth of ARM processors in Windows Ecosystem

With the continual growth and development of ARM in the windows sector there is a clear demand for a Cortex XDR Agent for Windows on ARM. This also impacts virtualisation on Macs and other devices with ARM processors.

Is there an roadmap for considera

Laptops dynamic group

I am looking for an efficient way to create a dynamic group for laptops only in the XDR console. So far, my only idea is to add a laptop tag during installation and then group by the tag. Is there an automated way to have XDR report the portable plat

How to configure rsyslog server to receive logs from Cortex XDR via TCP+SSL

Hi,

I am having issue with Cortex Log forwarding to syslog server where from Cortex XDR encountered error(can refer in the attachment named Cortex XDR error) as below.

Test failed: Connection timed out

I have check many times with our firewall

Development Pipeline

dear,

I have an openshift ci/cd and I wanted when the image was formed, the cortex would be called to check, is it possible?

Cortex XDR False Positive Report

Hello everyone,

We develop some applications and our customer told us when they install the application, it gives a malicious warning for a sub installer "gcad_local.exe". Is it possible to submit the file to Cortex XDR and add it to whitelist in som

Telemetry on visited web pages

Hello everyone,
My employer is going to install Cortex on the employees' PCs.
Is this software able to monitor the time spent on the internet and the websites visited please?
Thank you in advance.

SSH access to Broker VM impossible/failed

Hi everyone,
I'm trying to access my VM Broker with SSH in admin mode but without success.

In the Broker configuration, I use the command :
ssh -i [/path/to/private.key] admin@[broker_vm_address] then I connect to the Broker machine without any proble

Vuln drivers - scan

Hi,

Anyone know if is possible to retrieve the devices with drivers with vulnerabilities?
I've a lot devices with Cortex XDR and my objective is force IT guys, update vulnerable drivers etc.

XDR API for Policy Management

Is there an API in XDR for Policy Management?

I'm trying to get the list of policies, profiles and their rules.

There is /public_api/v1/endpoints/get_policy (Get Policy • Cortex XDR REST API • Reader • Palo Alto Networks documentation portal)

Howeve