Resolved! WMIC MDE exclusions
Hello dear community,
Do we need to set up our own BIOC, or will this come as a standard rule from PA?
https://twitter.com/malmoeb/status/1671453836605550592
BR
Rob
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Hi,
I have this message on more Windows Server 2019 machines (VMware environment), after installing Cortex 7.1:
Server certificate for host is not allowed: error=19, message=self signed certificate in certificate chain
HTTP request failed due to an SSL error (0)
...
Why is the Broker VM showing as disconnected in the XDR console? How do I find out what happened, and how do I get it back into a connected state?
Hello,
We wonder if we can install Cortex aarch64 on Raspbian.
Has anyone tried that?
Thanks
I am having an issue with an installation of XDR on Linux Mint 20.
I found this post with no resolution and one of the comments from @MartinSauer suggests someone else was seeing the same issue.
LIVEcommunity - ERROR:14090086:SSL routines: SSL3_GET_
...
Hello,
I'd like to hear from people who have worked with Cortex XDR without the Cortex XDR agent.
The scenario is as follows:
The machines (workstations and servers) are protected by a third-party EDR solution (e.g. Microsoft Defender for Endpoint)
Hello All,
Otter.ai is one of the bot features that automatically joins meetings. There is no software for Windows; the software is available for mobile only.
Is there any way to block it through Cortex XDR?
Thanks in adv
...
Cortex blocked driver PROCEXP152.SYS from being loaded (rule: sync.vulnerable_driver_by_original_name_loaded_procexp)
The thing is that this is a signed Microsoft driver and it's kind of a known situation for many other vendors.
Links: Process Explorer
Looking for information about Mystic Stealer. Does Cortex have any content updates for it yet?
Hi,
We recently onboarded Cortex XDR and some of the detections are not displayed in the Cortex client's Events tab. But I can see them in the Cortex XDR console.
As an example I can see Prevented (Blocked) malware in both cloud console and the en
...
We are going to block the software by hash or process. If in the future a user requests an exception for a specific endpoint, how do we create an exception for that one endpoint and allow the software?
Hello dear community!
Do any of you have some experience with the Cortex XDR agent and the Wazuh agent?
We are discussing setting up Wazuh as a SIEM, instead of Splunk, Cortex DL, etc.
BR
Rob
Hello dear community,
I want to share with you my little XQL script which can identify and alert on connected clients which have no assigned endpoint group.
This can happen:
- Cortex is installed, but the endpoint name does not match the defined c
...
Dear community,
I tried to make some agents connect directly to the server without using a broker.
However, it's not able to connect to the server.
I referred to the practices of others, and tried executing "cytool reconnect force", but still couldn't
...
Hi everyone,
I want to run Cytool reconnect on multiple computers,
I tried the following
echo <password>| cytool reconnect force
it works, but still displays "Enter supervisor password:", so you still need to press enter to let it continue r
...