Best practice for installing agents on Windows "multi-session" Azure AVD?

Which method should be used to install the Cortex XDR agents for the Azure-only Windows 11 multi-session VDI? Since it's both a terminal server, and a non-persistent VDI that gets re-imaged from a golden image?

Filter over 100 CIDR

Hello,

I have an XQL query and I need IPs to be displayed if they are in some CIDR.

I know about the incidr command and the documentation says we can use it with multiple CIDR if we use coma to separate them.

Example : 

XQL : Need help with json_extract

Dear Community,

I was trying to use the json_extract to extract the value of "RuleActions" and have no success so far.

Sample data:

Growth of ARM processors in Windows Ecosystem

With the continual growth and development of ARM in the windows sector there is a clear demand for a Cortex XDR Agent for Windows on ARM. This also impacts virtualisation on Macs and other devices with ARM processors.

Is there an roadmap for considera

XDR Agent 8.5.0.2457 on macos 14.5

Hi community,

After my laptop upgrade to the last version of xdr agent i get the following:

Randomly the system looks as if it's loading and after a few seconds it's back to normal. the machine doesn't crash but the mouse keeps showing the hourgl

How to escape the "\" escape character itself?

Dear community,

I'm trying to use the replace command in XQL to replace the "\" escape character and have so success.

When I tried with the double slash \\, the XQL will raise syntax error.

Samp

Blocking VPN Extensions in Browsers (Chrome, Firefox, Brave) Using Cortex XDR Agent

Hi Community,

I have a query: How do I block VPN extensions in browsers (Chrome, Firefox, Brave) using the Cortex XDR agent? If it's possible, could you please explain how to do this?

new feature in the Cortex XDR agent 8.3, Agent Certificates

hi

i have cortex xdr on several endpoints, can you explain me more about the new feature Agent Certificates and its implication and how to work? i want to set enabled this function because is disabled for old tenants

Xql query for filtering os version like microsoft windows 10 pro and microsoft windows 10 enterprise.

Hi , Family 


I want to filter Microsoft Windows 10 Pro and Microsoft Windows 10 Enterprise from all my endpoints. In All endpoints section, it's currently showing only Windows 10 as the Operating System. I need a query that differentiates between Pro

Pulling an inventory of Chrome Browser Extensions

Hi,

I am looking to gather a list of all installed chrome extensions in our environment. I created a simple query to pull any .crx files out of the Chrome extensions file path but the results seem not quite accurate. Was wondering if anyone had a q

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case?  

Cortex XDR 

Cortex XDR Host Firewall - Use it public WAN?

Hello dear community, 

are you using the above mentioned module on windows notebooks with public routable ip addresses? 

Is this firewall module recommended for such public facing scenario?

BR

Rob

Running an XQL Scheduled Report Email If a Result is Found

Hello, 

I have a working XQL query that deals with Host Connectivity. Can I configure this to run as a scheduled report and only if there are results the report can be sent by email? 

I do not want to receive empty reports. Can this be done in XQL or

Data Ingest per Source for Palo Alto Firewalls in Cortex XDR

I do not think this is in the correct Board, but I could not find a Cortex XDR channel.. First time posting so I am sure I missed it. 

I have Cortex XDR and we are trying to see what firewall is sending the largest amount of data by GB Ingest. We a