Hello Team,
Can you help with below queries
Hello
Is there any solution to export the allow list in prevention profiles?
For an example the malware profile?
I already checked in XQL.
Found no dataset where these informations could be exist.
Anyone any suggestions?
Cheers
Tobias
Dear community,
I would like to block connections to specific domains using BIOC,
but I found that the "Add to restrictions profile" button is missing when right-clicking on a BIOC rule.
Why is there no such button? Alternatively, is there any way to
DTRH: CIS Benchmarking
3rd Party Data Ingestion | Data Parsing | Widgets & Dashboards
Overview
In this DTRH we will look at adding valuable data into XDR from
...
Hey dear community,
is Cortex XDR Pro using the base from the https://www.loldrivers.io/api/drivers.csv list? I am asking because I could build my own IOCs from this list and I want to know if it is necessary.
BR
Rob
Hello, experts,
Found out the Device control which can be temporarily allowed to my USB device when my EP is connecting to the Internet/XDR Portal.
Just wondering if we could temporarily allow the USB without (the EP) connecting to Portal?
Thanks,
S
...
Hello dear community,
we had a nice expierience today with a FP (IOC, IP). We got about 2000 E-Mails and there were more than 5000 alerts, so Cortex auto disabled the IOC. So far, so good.
In our case it would have made sence to reduce the tresho
...
Hello,
We are using Pro Per Endpoint license.
Is that possible to integrate Third party security solution with Cortex XDR.
If it is Yes, Which tool we can integrate as a best practice.
Hello,
Hi Team,
Is there a possibility to block specific external domain ip addresses via the cortex xdr host firewall?
Dear Team ,
We have assigned role to several XDR analyst for incident response but we cannot find Report verdict as Incorrect Option in Key & Artifact section.
My doubt is how can we configure the setting in role section of XDR to enable the Rep
...
I have installed Cortex XDR on my corporate laptop which runs the subjected Linux operating system. I used the DEB package and used below command to install.
sudo dpkg -i <cortex_pacakage>.deb
But after the installation Cortex agent is not runnin
...
In the 7/17 content release notes, improvements have been made to "Suspicious Encrypting File System Remote call (EFSRPC) to domain controller' generated by XDR Analytics BIOC detected on 2 hosts."
By default, the action for this is to detect/alert.
Hello,
After applying Microsoft July 2023 updates to server 2022, Edge no longer works. It opens to a white screen and then crashes. Event Viewer shows a faulting application name; msedge.exe. Windows 10, 11, Server 16, AND 19 all seem to be worki
...How do I block a specific url using edl?
