We are flooded by alerts from jusched.exe being flagged as Threat by Behavioural Threat Protection.
Are exclusions the only way out to resolve?
I am trying to combine the results from two queries, one using dataset=xdr_data and one from preset=xdr_file. But, I only want to see the results when the same "agent_hostname" appears in both queries. In other words IF agent_hostname from filtered x
...
Hello Team,
During AV scan, everytime we are recieving cache file is detected from the different hosts and filename and Hash is same. The file verdict is Benign.
Help me how can I address this file. As it is a temporary file.
We received a Cortex XDR email with the message:
"Your Cortex Data Lake integration with Cortex XDR is about to expire. To avoid any data loss, it is recommended that you copy your device configurations directly into Cortex XDR"
There was also a si
...
Hello Team,
We have already granted full disk permissions in macOS for Cortex XDR. However, we are still encountering the following popup:
The popup continues to reappear on the machine.
Our XDR agent uninstall password suddenly became unusable. So i figured i would go in and set a new one. Turns out it won't allow me to set a new password. It says: "Does not meet the requirements".
I have set the password to be 20 charachters, i hav
...
Dear Community,
Currently in Cortex XDR 3.8, there are new updates in the dashboard.
According to the official documentation below, you can configure filters and inputs in the custom dashboard.
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/
Hi Team,
We have already granted full disk permissions in macOS for Cortex XDR. However, we are still encountering the following popup:
The popup continues to reappear on the machine.
Hi All,
We are planning to do the following for the migration, can you pls validate if this is gonna work or not-
- We will import the configuration to new broker
- This will shutdown the old broker
- Since we have 2 BVM , we should not have any conn
Hello.
I am looking for configuration best practices for agent config, exclusions/exceptions for MS SQL. I am new to XDR but I know in similar products it's normal to exclude the database files from live scanning, etc and I can't seem to find any doc
...
I'm trying to create a dashboard with all temporary exceptions, but I can't find the database where the "Device Temporary Exceptions" is located.
Can someone help me
Hi Expert ,
I would like to know how to combine or join dataset between XDR-data and PANNGFW I make xql of PANNGFW when found, alert wildfire or antivirus will show file-sha256 by the way I want to combine dataset of xdr-agent to find file-path t
...
We have a mac that we suspect may be compromised. We would like to run a scan with the device offline and not connected to our network.
How would we go about doing this?
When i try to update the cortex version 8.1.1.43337 version, I got the attached error. I try to update from 7.9.1 version.
Hey!
I was just wondering if anyone knows of a way to get the total download/upload to show in MB or GB rather than bytes through an XQL queries' output?
XQL Query
dataset = xdr_data // Using the xdr dataset
| filter event_type = ENUM.NETWORK // Filt
