Slack notifications in Cortex XDR Pro

Hey dear community!

How do they look like? Do we have any advantages over the e-mail notifications?

BR

Rob

How to count endpoint ACTUAL ACTIVITY by SQL query

Dears,

"ACTUAL ACTIVITY" graph under user card page in XDR is very amazing feature show the duration of user working hours. 

Unfortunately, the time was not specified with exact minuets. My management asks me a very accurate duration of how many ho

Cortex XDR CE version

How to know if Cortex XDR version is CE.

Will it show on the table when I go to Endpoints ----> All Endpoints and on the Agent Version Field it should have for example 7.9.102CE, if it shows 7.9.102 only then it is a standard version? 

Thank you.

Cortex XDR Broker VM internal communication.

Hi Team,

I have a query regarding the installation of the Broker VM in our organization. We have successfully installed it internally. However, when we tried to access the URL https://<brokervm-ip>:4443 internally, it failed. After whitelisting the P

Thank you!

Hello dear community!

Thank you all readers and writers for the huge content of help and useful information in this livecommunity!

And also thank you for your valuable time! 

BR

Rob

Cortex XDR Endpoints not showing logged User

Hi!

On our Cortex XDR tenant some computers are not displaying the User that is connect to the endpoint, performing a heart beat doesn't poppulate that field either, how can we make it so the User "domain\user" appears on the All Endpoints list?

Bes

Filter over 100 CIDR

Hello,

I have an XQL query and I need IPs to be displayed if they are in some CIDR.

I know about the incidr command and the documentation says we can use it with multiple CIDR if we use coma to separate them.

Example : 

XQL : Need help with json_extract

Dear Community,

I was trying to use the json_extract to extract the value of "RuleActions" and have no success so far.

Sample data:

How to escape the "\" escape character itself?

Dear community,

I'm trying to use the replace command in XQL to replace the "\" escape character and have so success.

When I tried with the double slash \\, the XQL will raise syntax error.

Samp

Blocking VPN Extensions in Browsers (Chrome, Firefox, Brave) Using Cortex XDR Agent

Hi Community,

I have a query: How do I block VPN extensions in browsers (Chrome, Firefox, Brave) using the Cortex XDR agent? If it's possible, could you please explain how to do this?

new feature in the Cortex XDR agent 8.3, Agent Certificates

hi

i have cortex xdr on several endpoints, can you explain me more about the new feature Agent Certificates and its implication and how to work? i want to set enabled this function because is disabled for old tenants

Xql query for filtering os version like microsoft windows 10 pro and microsoft windows 10 enterprise.

Hi , Family 


I want to filter Microsoft Windows 10 Pro and Microsoft Windows 10 Enterprise from all my endpoints. In All endpoints section, it's currently showing only Windows 10 as the Operating System. I need a query that differentiates between Pro

Pulling an inventory of Chrome Browser Extensions

Hi,

I am looking to gather a list of all installed chrome extensions in our environment. I created a simple query to pull any .crx files out of the Chrome extensions file path but the results seem not quite accurate. Was wondering if anyone had a q

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case?  

Cortex XDR