Does Cortex XDR BIOC analytics alerts get blocked after setting Global Behavioral Threat Protection to block

Hello team,

Does Cortex XDR BIOC analytics alerts get blocked after setting Global Behavioral Threat Protection to block ? or how Cortex XDR decide to block/detect the behavioral threat alert?

Cortex XDR 

Queries about different operating system and the hours of attention to incidents

Hello everyone,

I am trying to create some XQL queries to create some dashboards but without success. I wanted to know if you could help me, the questions would be the following:

1. that the different operating systems are shown, but that it shows

Assistance Needed: Blocking URLs (Google Docs & Gmail, TeamViewer and others)

Dear Support Team,

I am writing to request assistance with configuring a policy within in my version of Cortex XDR Pro.

As part of the migration process, I need to restrict access to Google Docs and Gmail, TeamViewer and others to ensure the blocking

Cortex XDR Scanning on Exchange and Sharepoint Servers

Hello,

We are looking to add the XDR agent to our on-prem Exchange and Sharepoint servers, and I had two questions about the scanning capabilities of the agent on these servers. 

1. Does XDR scan emails and attachments that reside on Exchange servers?

Query to Monitor Computer Uptime

Hello,

I intend to formulate a new query to retrieve the computer's uptime, and if the system has been active for more than 30 days, generate an alert. Although I attempted the following XQL Search, the outcome yielded no results:

Cortex XDR agent and EICAR malware test file

Hi team,

It feels like I'm missing something and so would appreciate of someone could explain to me why the XDR agent on Windows (latest 8.2.1 with block policy) is not reacting to EICAR malware test file (X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-

CDL or Strata Logging Service: Tenancy is getting expired in two days, how to renew the tenancy

I have access to an instance of "Strata Logging Service".

My tenancy to Strat Logging service is ending by: Jan 25th.

Need help in renewing the tenancy .

Thanks,

Debabani

Firefox Extensions

Hello guys, this is my first post, I'm glad I can be part of this community, I tried to make a query to see what extensions are installed in Firefox. I hope it is ok and useful and if you have something to add to improve it, I would be very happy.

Managing server Option Not Unavailable - Cortex XDR

I am attempting to change managing server option for an endpoint, however the option is unavailable when I go to endpoint control.

See image below:

I do have endpoint administrator privileges in Cortex XDR Management UI as shown below:

The

Partial protected endpoints

Dears,

In some cases Endpoint is going to Partial protected due to some issues. I have read this knowledge base. (https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA14u0000004OGWCA2&lang=en_US%E2%80%A9) 

Now I want to know that How can

Query users that use USB device

Hello.

I've try to obtain a list of all users that use USB device in his computers.

All corporate computer have XDR installed, any query suggestion?

Regards.

Rodrigo

Server Golden Image with RDS

Hello, I need your help.

We have a Windows server 2022 with active RDS features and it's a "Golden Image", meaning it serves as the image for 6 other servers.

My question is... the server's purpose is to be an RDS (providing apps), should the Cortex

Does anyone have any best practice guide or suggestions before enabling the policy to prevent mode

Hello team,

Does anyone have any best practice guide or suggestions before enabling the policy to prevent mode for all modules like Malware/exploit. 

Cortex XDR