Integration of Cortex XDR with the SIEM (Microsoft Azure) solution
Had a few queries regarding it:-
1. Supported integration methods & recommended integration methods for integration with Microsoft Sentinel.
2. What all logs can be forwarded (eg: Ale
We upgraded our clients from version 7.7.X to 7.8 and things like Visual Studio and Gitkraken and homegrown apps fail to run. No logs and really no errors other than just crashes or freezes. I pause XDR Agent and it runs fine. Anyone else experience
...
Hi all,
Has anyone ever had it where an agent will lose connectivity with the management console and will not reinstall afterwards?
I have an endpoint that lost connectivity with the console. Would not check back in. I removed it via the Control P
...
Hi there,
Recently I have received a request from client that they would like group endpoint automatically by the installation package, just like their previous deployment of their existing endpoint agents. Since it is much less admin overhead and
...
Hello ,
What could be the possible reasons for outdated content version despite the agents running in the latest agent version .
Looping in queries , Hi , I want to able to query if a particular command was executed after another one . For example if sudo was executed and then another command . How do i query that ?
Hello once again,
Does anyone know if it is possible to customize the message that is sent to the endpoint when it is isolated?
Currently XDR just displays a message for 5 seconds that says 'The Cortex XDR agent has stopped network access on your
Hello,
I have a little issue and I don´t know how to solve it.
Hopefully someone knows a hidden or 'unofficial' feature of XDR regarding this.
Briefly explained the structual background:
I am logging from diffrent Forti Firewalls into the XDR, thi
https://twitter.com/VirtualAllocEx/status/1599048829084794880?s=20&t=V1OyrvuCbhYez-wkSXNk1A
Or ist there a rule ready for this?
BR
Rob
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-prevent-admin/endpoint-security/customizable-agent-settings/endpoint-data-collected-by-cortex-xdr
BR
Rob
Hello ,
Wanted to know if XDR has the capability to view network packets (pcap) or to push out network policies, block traffic, visualization of network data etc.
My goal is to determine which device/user has used Sanctioned and non-Sanctioned cloud storage, e.g., Onedrive, SpiderOak, NextCloud, Syncthing.
There is a feature in Microsoft Defender for Cloud Apps that i'm hoping to find in Cortex, which contains
I'm attempting to pull out the name, type, and value from the dns_resolutions data
The below query results in "FAILED TO RUN QUERY" with no data, removing the alters does return data however no fields available return "value" in the dns_resolutions
...
Hi everyone,
I have a doubt
how can I check the status of the cortex xdr service / agent in linux?
Thanks in advance.
greetings.
