Server Golden Image with RDS

Hello, I need your help.

We have a Windows server 2022 with active RDS features and it's a "Golden Image", meaning it serves as the image for 6 other servers.

My question is... the server's purpose is to be an RDS (providing apps), should the Cortex

Does anyone have any best practice guide or suggestions before enabling the policy to prevent mode

Hello team,

Does anyone have any best practice guide or suggestions before enabling the policy to prevent mode for all modules like Malware/exploit. 

Cortex XDR 

Check if MFA is enabled for all administrators

Hi,

I'm trying to find information how to check if MFA is enabled/forced for all Cortex XDR dashboard users and can't find this option. Could somebody guide me please?

Query for checking memory usage

Hi there!

Is there a specific query or command I can use to check the memory usage on a computer at a particular time? Could someone please assist me with this?

Cortex XDR 

Threat Hunting Scenerios

I would like to set the alert to detect the following scenerios

How can I config the XQL/Query in BIOC to detect: Cortex XDR 

1. Login of local admin user (user with local administrators privilege)
2. Stop of a windows service e.g “abc.exe” while the endp

Is there a documentation available for Cortex XDR related to event_type and event_sub_type?

Hi, 

Is there available documentation for ENUM numeric values in event_type and event_sub_type in XDR? Trying it in a query and it asks for the numeric value (Example: event_type = 1; PROCESS). 

Thanks!

Incident creation latency

Hi all,

I have seen a few cases like that in recent days:

There was an alert by name ""Failed Connections" generated by XDR Anaytics" and inside that incident there was only one alert named "Failed connections" and alert source was XDR Analytics. B

XQL Query Help

Hello All,

I am trying to build a correlation rule for palo alto traffic logs to have local to remote traffic logs but I am unable to put that condition in the XQL query. Can someone please help me with the condition if you have already built one?

It

Exception with Windows Environment Variable

Dear Community,

Seeking for validation. I was under the impressions that we could create exception with the Windows environmental variables.

There's recent XDR alert says otherwise, the alert reappeared even after applied the exception. (With Windo

Need help sorting my applications and endpoint names using an XQL query

I want to sort my endpoint based on all application, like which application are using which specific endpoint? using an XQL query.
Cortex XDR #xql_query

Cortex XDR support intune to deploy on enduser machines

the Cortex XDR support Intune to deploy agents on end-user machine.

Process for ready the package and deploy to machine and test the package.

Bitlocker + Intune + XDR

Good morning everybody,

I would like to ask you about the Disk Encryption Visibility tab in Cortex XDR.  When the endpoint is managed by Microsoft Intune and the Bitlocker function is managed also from there, I would like to see a proper Encryption s

Asset inventory not updating for anything without the XDR agent. Last observed date is November 25th.

This was working before November 25th.  Nothing changed in the configuration, network location is set and Distributed Network Scan is enabled.

We are running Pro.

I opened a case but wondered if anyone else sees this?

Thanks