AMSI Byte Array Scanning

Does anybody have a solution similar to Defender for Endpoint for using AMSI programmatically to scan incoming files? Essentially, we have a requirement to scan incoming files that are scanned prior to being sent along to their next hop. This all occ

Does Cortex XDR agent require SELinux enabled on RHEL 8

Hello All, 

Could you please let me help me understand, whether Cortex XDR agent require SElinux enabled on Linux RHEL 8?

Requirement document there is no clear information regarding this and also let me know why this SElinux is required.

Thank

Webhooks

can we create webhooks on cortex xdr

Certificate Enforcement issue

We have several machines that are now reporting "Partially Protected" when we enabled Certificate Enforcement on them. 

First they started to show "Local-Store fallback used" in audit logs (informational severity), now we see "Failed to enable cert

Failed to get unit file state for traps_spmd.service: No such file or directory

Hello,
I just installer a 8.2 XDR agent to a linux server
"/opt/traps/bin/cytool startup enable all" returns 

Process name Startup status
pmd Enabled
Failed to get unit file state for traps_spmd.service: No such file or directory
spmd Disabled
Failed to ge

Monitor bitlocker

Hello,

I am checking if it is possible, to monitor from cortex when BitLocker is enabled on the computer, via a BIOC?

Best regards.

XQL Query - File Delete Action

Hi,

Please may i know if anyone may have the issue i encounter since early May 2024? 

1. Delete a folder (100+ files) from specific endpoint (right click mouse and select delete)

2. From Cortex XDR Query Builder - File Query and Select Action = Delet

XDR Query Builder

Hi,

I'm trying to use Query Builder but unable to get any results. see also attached screenshot.

But when I perform a XQL search with query "dataset = endpoints" it gives me results.

What should be done so I can use the Query Builder?

thanks