Mac offline scan
We have a mac that we suspect may be compromised. We would like to run a scan with the device offline and not connected to our network.
How would we go about doing this?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
We have a mac that we suspect may be compromised. We would like to run a scan with the device offline and not connected to our network.
How would we go about doing this?
When i try to update the cortex version 8.1.1.43337 version, I got the attached error. I try to update from 7.9.1 version.
Hello, can I find out the Cortex XDR Agent Version by querying a windows registry key? If so, where is it located?
Hey!
I was just wondering if anyone knows of a way to get the total download/upload to show in MB or GB rather than bytes through an XQL queries' output?
XQL Query
dataset = xdr_data // Using the xdr dataset
| filter event_type = ENUM.NETWORK // Filt
Hello,
I am a bit confused by the information in logs when an XDR enpoint is connected to a BrokerVM.
It appears that for some connexions issues, endpoints are not communicating anymore with the BrokerVM:
XDR agent on ... failed to communicate to
...
How to change the default password for Password Protection for Download Files in server settings configuration Cortex XDR?
Hi Everyone.
I want to integrate Broker VM server with the QRadar using syslog service (we are open to discussion about syslog).
We have some servers that can't see the internet, so we set up Broker VM and installed agents on the servers. Now we
...
Hi team
Is it possible to configure XDR to display extra attributes on a few places - namely:
* User information under "Key Assets & Artifacts" in each incident
* Displayed name on the user card
XDR chose to display the SAM account name (i.e. the
...
Need help for getting Device Permanent Exceptions allowed endpoints and device details
Hello Everyone,
I'm new to Cortex XDR and looking to enhance our IOC hunting process. I want to run a scan with IOCs from our subscribed external threat feed.
I have uploaded multiple IOCs to XDR via add IOC option but only able to run the query for
...
Is there a way to only scan the users directory? Adding folders in allow list c:\Users\* does not work and scans everything on the device. How can I accomplish this task by only scan the users directory and not scan the entire system?
First, I do not claim to be a virtual environment expert, but our organization has been running into a problem with VDI and Cortex XDR.
We have had problems with v7.9.1 (or whichever version was released mid-December of last year) to communicate wi
...
support says it is by design
the "Traps Logs Formats" kb makes no reference to them either
before I go through the headache of sending cortex logs to something for alerts can anyone confirm that they will even be present?
anyone have any other ideas on
...
Hi Guys,
I need some help.
I have two fields with multiple values and I need to separate there values into separates lines.
My fields are like these:
My goal is to have 1 line with each of the results:
field = value
I tried using the arrayexpa
...Subject | Likes |
---|---|
2 Likes | |
2 Likes | |
2 Likes | |
2 Likes | |
2 Likes |