Agent 8.3.2 not showing in the Agent list in the Instance

Hi Team,

As shown in the "Cortex XDR Agent Release" official document that 8.3.2 has been released on June 24th 2024, but we are not getting that agent version in our instance "Agent Installations". 

Cortex XDR is unable to block USB viruses - the reason is unknown.

We recently encountered an issue where a user's computer got infected with a USB virus after inserting a USB drive. The virus uses USB Driver.exe to create some directories and malicious programs as shown in the attached image. Additionally, it uses

Virtual functions/Variables - Creating anomaly based detection rules - XQL

Hello Everyone,

Cortex XDR has the functionality does allows you to use XQL queries to create lookups or datasets.

The problem is that these are static and cannot be dynamically updated for detection rules.

The use case I had in mind is that I have

Agent Audit Log "Start" event

Hi,

I cannot find a single "Start" event under my Agent Audit Logs. If I can see there is a "Start" if I use "Sub-Type" as a filter so I suppose there must be "Start" event. Does anyone have idea?

Cortex XDR Agent Scripts Library

Hi Community,

I have a query. I am interested in retrieving the user access history for a specific URL in the browser for the last 3 months. Is it possible to run a Python script to retrieve this information?

XQL query for searching extensions installed within an application

Hi All,

Looking for an XQL query to detect extensions installed from an applications marketplace to use within the application. For eg. someone installing "github actions" extension from the azure marketplace.

Huge Cortex XDR upload traffic observed from firewall

We have branch network connected to Data center via MPLS VPN link. All branch PCs internet traffic going out from the DC firewall. From all the branch PCs (Around 8000), we have observed a huge outbound traffic towards internet related to Cortex XDR

API Syntax Issue

Hi everyone,

I'm trying to use the 'run_script' API to start the built-in 'Execute_Commands' script on a target machine. I've worked through a few error messages already regarding the command string having black slashes, timeout not being set as in

Cortex XDR Kubernetes Agent - Cluster Name

Hi,

Can anyone tell me what is the purpose of the "Cluster Name" and "Development Platform" fields when creating a Cortex XDR Kubernetes Agent Install Package? Both fields are not mentioned in the documentation.

Thanks

Cortex XDR 

Required Windows Event IDs for the best Cortex XDR detection performance

Hello, dear Community,

I need a list of Windows event IDs required for BIOC and other Cortex XDR rules to work effectively.

For example, when we performed a Kerberos user enumeration attack using Kerbrute, it was not detected initially. Cortex XDR