Group events with xql bin stage

Hi everyone

I try to count some events per day and used the bin stage to do this. It does work to group the events together but the time is wrong. For example an event at 00:30 will count for the day before (probably because of the timezone). I tri

Service Interruption and Telemetry Issues on Cortex Installation (RHEL 9.4)

I'm facing issues with my Cortex install on a RHEL 9.4 system.
Agent version 8.4.0.123787

Kernel version 5.14.0-427.35.1.el9_4.x86_64

Some services are stopped and not restarting:

• Command Run:
   

  sudo /opt/traps/bin/cytool runtime query
• Stopped Serv

Create link on the dashboard

Hi all,

I have created a simple custom Dashboard using a custom Widget. I want to put a link to endpoint table filtered by the result (result is the agent name), like the links on the default "Agent Management" dashboard. Does anyone know how to?

Cortex XDR XQL query to check which user is elevating access in linux

Hello Team , 

I am trying to write a XQL query to check which user is elevating access in Linux. 

can someone please help to write this query ?

Thanks in advance.

Cortex XDR  #XQL

Can't uninstall old cortex xdr version

i have install cortex xdr on linux (7.9 version) ,  the service can't start. i try to uninstall old version or upgrade the version to 8.1.1 , but it show below error. Pls help me to fix the error. 

[root@MOFVM068 bin]# ./cytool runtime start all
Red

XDR Acting as Application Control for Linux

Hi Community, 

I've managed to transform Palo Alto Networks' Cortex XDR into an effective application control solution for Linux based on the hashes of the files. 

Has anyone else tried this method previously?

Disabled Capabilities of XDR on instaallation

Hi all,

in one of our customers with the installation of XDR agent version 8.5 the Response Capabilities (File Retrieval, Live Terminal, Script Execution) were disabled from the very beginning on many of the endpoints. As there is no other way, the

I ingested the Checkpoint firewall logs into Cortex XDR, now what should I do?

Hi,

Some time ago I connected the CheckPoint Firewalls with Cortex XDR and I can now see the alerts from the Cortex console.

My question is, what should I do now with the alerts? Since the FW is generating more than 100 incidents a day.
I had crea

Cortex XDR Notify about Incidents via phone call

Hi,

is there a way to configure a robocall on Cortex XDR so that if a high or critical incident raises, I'll get an automated call to my phone notifying me about an incident? Maybe someone of y'all already have such configuration and would like to

How IOCs are detected?

Hi,

I've recently noticed that an IOC that we created a month ago is still somehow being triggered, therefore an incident is generated. The IOC is a domain that we've found in a phishing email. I haven't visited the domain or clicked on that quaran