Access to live terminal with dual control

For legal reasons in our organization we have servers that can only be accessed in administrator mode if another authorized person authorizes access. That is, under no circumstances can a single person get administrator permissions.

Following this po

Folder and File exclusions wildcard question

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-Malware-Security-Profile

The docs says: 

(Optional) Add files and folders to your allow list to exclude them from the examination.

Identifying Endpoints with WSL Installed from Host Insights

Hello all,

is there a way to find all endpoints that have WSL installed on them? Does Host Insights provide this or would I have to run endpoint scripts in order to retrieve this information? If so can someone please provide an examples?

Many thanks

MSI stolen certificate alerts

Today we started to get alerts for all our MSI laptops with the reason: "Behavioral threat detected (rule: msi_stolen_certificate.1)". The alerts trigger on the MSI software installed on the latops, like "MSI center", or "One dragon center".

Are th

PAN NGFW into XDR best practices

Hi there, 

We have have recently started ingesting PAN NGFW logs into XDR, however they're generating a lot of incidents, for now I have excluded - prevented/terminated events, does anyone have any information on best practices, useful ways to use

cortex xdr script

1. any script library on GitHub

2. how to download detailed reports as CSV.

Deploying Cortex XDR via AutoPilot

I've been trying to configure Cortex XDR version 8.0.1.33809 to be deployed when configuring a laptop with autopilot. I downloaded the agent directly from Cortex XDR, configured it with the intune app creator to convert from an .msi file to a .intune

XDR and registry on windows machines

Hi all,

Got a question - can the XDR block registry changes on windows machines? I'm talking about a blanket block, not just on the agent's own registry keys.

Cortex XDR Checkin Time

Hello All,

Was curious, is there a related registry key for Traps last check-in date? I'm curious if there is an easy way to pull in that information with powershell.

Quick example scenario would be that we would use one script to pull in the las

Changing Analytics and BIOC Analytics Rules Severity and Configuring the Agent to Block

Hello all,

I have identified that the Analytics and BIOC Analytics is identifying real threats yet no action has been initiated due to the log source. Is it possible to increase the severity of these rules to Medium and higher ? 

Secondy, is it possi

XQL - what am I doing wrong?

Hello dear community!

I am testing some XQLs from the last webinar. 

In my test I fired following XQLs one on one, but I do not understand why the left join doesn't work. I allways get 7 results with the host inventory users preset. Without I get 1

GootLoader and XDR protection

Our customer is requesting to see if the Cortex XDR protects against the GootLoader vulnerability.  Anyone have any idea?

Documentation for Advanced API Monitoring

Dear LIVE community,

Does anyone have any details on Advanced API monitoring? (Under Malware profile --> Global Behavioral Threat Protection Rules)

It is disabled by default and the only information we got so far was that it could help detect CVE-2