Cortex XDR Scanning on Exchange and Sharepoint Servers

Hello,

We are looking to add the XDR agent to our on-prem Exchange and Sharepoint servers, and I had two questions about the scanning capabilities of the agent on these servers. 

1. Does XDR scan emails and attachments that reside on Exchange servers?

Query to Monitor Computer Uptime

Hello,

I intend to formulate a new query to retrieve the computer's uptime, and if the system has been active for more than 30 days, generate an alert. Although I attempted the following XQL Search, the outcome yielded no results:

Cortex XDR agent and EICAR malware test file

Hi team,

It feels like I'm missing something and so would appreciate of someone could explain to me why the XDR agent on Windows (latest 8.2.1 with block policy) is not reacting to EICAR malware test file (X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-

CDL or Strata Logging Service: Tenancy is getting expired in two days, how to renew the tenancy

I have access to an instance of "Strata Logging Service".

My tenancy to Strat Logging service is ending by: Jan 25th.

Need help in renewing the tenancy .

Thanks,

Debabani

Firefox Extensions

Hello guys, this is my first post, I'm glad I can be part of this community, I tried to make a query to see what extensions are installed in Firefox. I hope it is ok and useful and if you have something to add to improve it, I would be very happy.

Managing server Option Not Unavailable - Cortex XDR

I am attempting to change managing server option for an endpoint, however the option is unavailable when I go to endpoint control.

See image below:

I do have endpoint administrator privileges in Cortex XDR Management UI as shown below:

The

Partial protected endpoints

Dears,

In some cases Endpoint is going to Partial protected due to some issues. I have read this knowledge base. (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OGWCA2&lang=en_US%E2%80%A9) 

Now I want to know that How can

Query users that use USB device

Hello.

I've try to obtain a list of all users that use USB device in his computers.

All corporate computer have XDR installed, any query suggestion?

Regards.

Rodrigo

Server Golden Image with RDS

Hello, I need your help.

We have a Windows server 2022 with active RDS features and it's a "Golden Image", meaning it serves as the image for 6 other servers.

My question is... the server's purpose is to be an RDS (providing apps), should the Cortex

Does anyone have any best practice guide or suggestions before enabling the policy to prevent mode

Hello team,

Does anyone have any best practice guide or suggestions before enabling the policy to prevent mode for all modules like Malware/exploit. 

Cortex XDR 

Check if MFA is enabled for all administrators

Hi,

I'm trying to find information how to check if MFA is enabled/forced for all Cortex XDR dashboard users and can't find this option. Could somebody guide me please?

Query for checking memory usage

Hi there!

Is there a specific query or command I can use to check the memory usage on a computer at a particular time? Could someone please assist me with this?

Cortex XDR 

Threat Hunting Scenerios

I would like to set the alert to detect the following scenerios

How can I config the XQL/Query in BIOC to detect: Cortex XDR 

1. Login of local admin user (user with local administrators privilege)
2. Stop of a windows service e.g “abc.exe” while the endp