XDR Collectors

Hello, 

I have prepared XDR collector agent for Windows. I have installed it on two of my windows servers. But unfortunately, it does not show up on Administration tab where i am supposed to see all installed collectors. I do not see my two XDR colle

Send alerts to Syslog server with TLS failing with Certificate Verification Failed

Hi, I'm trying to configure my TLS enabled Syslog server in Cortex but not successful. I'm always getting "Test failed : Certificate Verification Failed". When I tick the "Ignore certificate errors", the error disappears and one syslog message is rec

Legacy Agent Exceptions or New menu??

Hi, what's your opinion?

Legacy Agent Exceptions or Global Exceptions Menu??

What's the difference? Which one is better?

Some support people suggest activating Legacy in Cortex XDR #, but I'm not sure if I should. Would I lose any of the settings

XDR Endpoint Visibility Dashboard

Hello, 

Let's assume I have 5 departments inside my organization. Each contains 6-7 endpoints. I want to create 5 dashbaords for each. In these dashboards, I want to see only organization specific endpoints ( 6-7 endpoints would be in each dashboard)

How to install Cortex XDR Agent as Golden image using Debian package for Linux

I'd like to install the Cortex XDR agent as a golden image using a Debian file on Ubuntu.

I tried to execute the command "apt-get install ./cortex-8.2.1.120305.deb -- --vm-template" or "apt-get install cortex-8.2.1.120305 -- --vm-template", but it do

DTRH: Finding New XQL Fields and Joining Data

DTRH: Finding New XQL Fields and Joining Data

I was trying to look at some user login information through XQL and I started poking around the different fields that were being returned. I began one of the user login sample queries available in the q

Host Firewall API

Has anyone had any luck adding IPs to the XDR host firewall via API?

It seems like this would be a great function to have. (Looking at you Palo Alto DEVs)

I've also looked at:

Adding IPs to an IOC - but IOCs cannot be added to custom blocking rules

How to allow hash for specific endpoint on allow list

There is an option in the hash to define an action-allow list, but it allows the hash for all the endpoints. We need to allow hash for specific endpoints, but we don't want to create a policy and profile for each and every time. Is there a way to all

Why none of the CVEs on Cortex XDR are from years prior to 2017?

All the CVEs that appear on the platform Cortex XDR date back to 2017, when I see the vulnerability assessment section, none of the CVEs are from years prior to 2017. Could you give me an answer as to why this is so?