Filter over 100 CIDR

Hello,

I have an XQL query and I need IPs to be displayed if they are in some CIDR.

I know about the incidr command and the documentation says we can use it with multiple CIDR if we use coma to separate them.

Example : 

XQL : Need help with json_extract

Dear Community,

I was trying to use the json_extract to extract the value of "RuleActions" and have no success so far.

Sample data:

How to escape the "\" escape character itself?

Dear community,

I'm trying to use the replace command in XQL to replace the "\" escape character and have so success.

When I tried with the double slash \\, the XQL will raise syntax error.

Samp

Blocking VPN Extensions in Browsers (Chrome, Firefox, Brave) Using Cortex XDR Agent

Hi Community,

I have a query: How do I block VPN extensions in browsers (Chrome, Firefox, Brave) using the Cortex XDR agent? If it's possible, could you please explain how to do this?

new feature in the Cortex XDR agent 8.3, Agent Certificates

hi

i have cortex xdr on several endpoints, can you explain me more about the new feature Agent Certificates and its implication and how to work? i want to set enabled this function because is disabled for old tenants

Xql query for filtering os version like microsoft windows 10 pro and microsoft windows 10 enterprise.

Hi , Family 


I want to filter Microsoft Windows 10 Pro and Microsoft Windows 10 Enterprise from all my endpoints. In All endpoints section, it's currently showing only Windows 10 as the Operating System. I need a query that differentiates between Pro

Pulling an inventory of Chrome Browser Extensions

Hi,

I am looking to gather a list of all installed chrome extensions in our environment. I created a simple query to pull any .crx files out of the Chrome extensions file path but the results seem not quite accurate. Was wondering if anyone had a q

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case?  

Cortex XDR 

Cortex XDR Host Firewall - Use it public WAN?

Hello dear community, 

are you using the above mentioned module on windows notebooks with public routable ip addresses? 

Is this firewall module recommended for such public facing scenario?

BR

Rob

Running an XQL Scheduled Report Email If a Result is Found

Hello, 

I have a working XQL query that deals with Host Connectivity. Can I configure this to run as a scheduled report and only if there are results the report can be sent by email? 

I do not want to receive empty reports. Can this be done in XQL or

Data Ingest per Source for Palo Alto Firewalls in Cortex XDR

I do not think this is in the correct Board, but I could not find a Cortex XDR channel.. First time posting so I am sure I missed it. 

I have Cortex XDR and we are trying to see what firewall is sending the largest amount of data by GB Ingest. We a

Kernel Module is Disabled - Status STOPPED - help installing

I followed the instructions on the website,and there was a problem

XDR agent was successfully installed on CentOS, but it is visible on endpoints all endpoints

XDR agent was successfully installed on CentOS, but I saw it on endpoints all endpoints. I checked the installation logs to ensure that it was installed successfully.

The XDR agent communicates through the broker VM, and their communication is also