Cortex XDR Discussions

Resolved! XQL Query to Help Create Correlations Rules

Hello i'm trying to do query for the specific fields in the datasets, im trying to do regextract to filter out some specific value in the fields then i use alter to move it to the new fields. But the problem is the value of the fields that im trying

Resolved! cortex XDR XQL "xdr_event_log" "var/log/secure" and "var/log/wtmp"

Cortex XDR 

Dear all,

Does anyone know the log source for action_evtlog_provider_name = "var/log/wtmp"? As I know, wtmp is last log as follow:

However, I find that the result is not only wtmp log but also secure successful log in cortex XDR:

So

Resolved! Creating an Alert when a lost Endpoint device comes back online

I want to create an alert and to do this, my understanding is to create a XQL query in the Correlations, to create the alert. I then can use the Automation to create the Email and text alert.

My struggle is I'm not that good with creating XQL stuff.

Resolved! Is it possible to block NFC in Cortex XDR?

Resolved! Cortex XDR alert log notification delay

Hi All：

We found that the Alert notification sent by XDR was delayed in delivery.
It often took over a minute to arrive, and on one occasion it took over forty minutes for our log server to receive it.
Does anyone know how to improve this issue, or i

Resolved! Cortex for Linux: Scanning through command line

Hello,

We have a use case in that we want to pre-scan files in a software installed on Linux. Is there any way to do a custom scan using Cortex in Linux? I searched all documentations regarding Cortex on Windows and Linux and it seems there is no such

Resolved! Automatic retrive alert data on VDI XDR

Hello,
In my company, we have many non-persistent VDIs, and sometimes an alert arises and I couldn't perform the 'Retrieve alert data' because when i see alert the user has already logged out of the VDI.

My question is, is it possible in the Cortex X