Resolved! Cortex XDR Pro is using BYOVD list from loldrivers.io?

Hey dear community, 

is Cortex XDR Pro using the base from the https://www.loldrivers.io/api/drivers.csv list? I am asking because I could build my own IOCs from this list and I want to know if it is necessary. 

BR

Rob

Resolved! IOC Rule has been disabled - Auto Disable limit 5000 too high

Hello dear community, 

we had a nice expierience today with a FP (IOC, IP). We got about 2000 E-Mails and there were more than 5000 alerts, so Cortex auto disabled the IOC. So far, so good. 

In our case it would have made sence to reduce the tresho

Resolved! Blocking IP via host firewall

Hi Team,

Is there a possibility to block specific external domain ip addresses via the cortex xdr host firewall?

Resolved! How to Enable Report verdict as Incorrect Option in Cortex XDR

Dear Team ,

We have assigned role to several XDR analyst for incident response but we cannot find Report verdict as Incorrect Option  in Key & Artifact section.

My doubt is how can we configure the setting in role section of XDR to enable the Rep

Resolved! Blocking EFSRPC

In the 7/17 content release notes, improvements have been made to "Suspicious Encrypting File System Remote call (EFSRPC) to domain controller' generated by XDR Analytics BIOC detected on 2 hosts."

By default, the action for this is to detect/alert.

Resolved! Server 2022 and Microsoft Edge

Hello,

After applying Microsoft July 2023 updates to server 2022, Edge no longer works.  It opens to a white screen and then crashes.  Event Viewer shows a faulting application name; msedge.exe.  Windows 10, 11, Server 16, AND 19 all seem to be worki

Resolved! Endpoint ID

Hi,

Can 2 endpoints have the same endpoint ID, coz we observed 1 endpoint got removed from the console, and upon checking the endpoint ID of the missing endpoint is present on the console but with a different hostname.

Thanks

Resolved! Cortex XDR query.