Is there any way to include the hostname for alerts received in Slack? They are very valuable to receive on the phone late at night, but would be even better if we had a bit more information: hostname, domain, something that indicates this is a test
...
support says it is by design
the "Traps Logs Formats" kb makes no reference to them either
before I go through the headache of sending cortex logs to something for alerts can anyone confirm that they will even be present?
anyone have any other ideas on
...
Hello!!
How are you? i need confirm an action when add exception for child process, i have several alerts for "WmiPrvSe.exe Rare Child Process" that are false positive, and im considering add to whitelist in the profile associated.
For create it i
...
Hi,
We have an environment where by we have CISCO ASA Firewalls, our Client Base would communicate with a Proxy Server and then this would pass the details onto the Firewall and the ASA Firewalls would then communicate with Cortex XDR.
As Cortex XDR
...
good day community,
I have an incident due to the execution of an excel file that contains macros.
According to the verdict and its hash the file is not a threat.
My question is the following which is the most suitable method to allow the execution of s
...
Cannot find any link for the release notes of Agent version 7.2.0.
Kind Regards,
Graeme
I noticed that my tenant space has a new option in the Windows Malware Profile under Ransomware Protection that is named "Extend Ransomware Protection to SMB Shares". I don't believe this setting was available prior tot he 7.2 release that I read ab
...
Hello, hope you are all doing well and staying safe.
Traps v6.1.0 was installed on a server and Windows Defender never auto disabled causing Antimalware Service to run alongside Traps. I uninstalled Traps and replaced it with the new Cortex XDR v7.1.
...
Hello everyone,
We are looking to implement agent based firewall rules to lock down the communication between DC's and SCCM servers we have 20+ of each and I am wondering what is the most feasible way of doing that? User Guide has pretty much no guid
...
i am using the same installer on all my clients (mac) why do some of my devices have malware and exploit protection and others just malware protection?
when you first install the Cortex XDR agent on a new server (and reboot if on Windows), is it immediately 'active' and blocking suspicious processes? I was told that it ran in 'passive' mode for 30-days as it built a profile of "normal" activity for
...
Good day! community,
I have a question, what treatment is given to executables that are signed as weak hash?
I understand that cortex XDR will block its execution.
Can it be excepted considering that it is a utility software?
The hash is unaltered and W
...
Hello,
Is there a way to allow a legitimate parent process to create a legitimate child process on Cortex XDR that is being blocked due to "Suspicious Process Creation"? In my case, I whitelisted the child process but the block continues. I do not wa
...
Hello, beginning on or about 20 July, began to see MANY more Incidents created in Cortex XDR that looked similar to this:
Incident Description: 'Threat ID #' generated by PAN NGFW detected on host <hostName> involving xyz\UserName
(note, there is NOTHI
...
Hi experts,
Cortex now has the ability to report vulnerabilities on endpoints, currently limited to Linux endpoints.
Does anyone know if this is going to be extended to Windows and other endpoint types?
Thanks
Darren
