Hello there,
What is the purpose of this folder(C:\ProgramData\Cyvera\Ransomware) for Cyvera? Couldn't find even a mention for it so it decided to ask the community.
Thanks
Hi
We are currently deploying Cortex XDR as a managed service. However we have on-prem McAfee/Trellix which we are to keep. I've put in McAfee exclusion for "c$\Program Files\Palo Alto Networks". So anything in "Palo Alto Networks" and any subfolde
...
Hi,
I am adding an email as a IOC in Cortex XDR, but it is not being detected through O365 logs.
Could you help?
O365 log
fieldname : "sender"
data: "{"emailAddress":{"name":"XXXX","address":"xxxx@xpto.com"}}"
Regards,
Dear experts,
From the following resource table, two json tables for GCP are provided (one for Google subnet and another for Google IP range associated with my region)
Question:
For the connectivity, do we need to allow all GCP IP range (in the
...
Hello experts,
From the matrix, v7.9 supposed to be the last version to support Win7, just found out 7.9 has been removed from the Agent installation while creating an installer.
Do we need to "downgrade"/use much older v5.0 instead???
...
Dear community,
I've been evaluating the benefits of ingesting o365 logs so far. Seeking those who have the mentioned logs ingested into Cortex XDR -
does Cortex XDR review and raise alert using the hashes of the attachment if the attachment is a mal
...
Hey All, question for you.
What process does an XDR agent follow when a user opens a simple .pdf or .docx file? I am trying to find something basic to explain this to one of our Executive Managers who is concerned that the agent is causing common a
...
Greetings
I am have 5 Cortex XDR modules showing as Disabled by Adaptive Policy .
Where is this setting configured ? in which profile ?
Thanks in advance
Bala
Hi All,
We are facing an issue where the agent does not connect unless we click on Check in now after the machine is restarted.
Please let me know if there's any solution for this.
Regards,
Shahwaz
Hello Team,
We are using XQL to query data from cortex API for windows event logs.
Our query run every 5 minutes and we have used parameter timeframe in the query. This parameter is provided in the API documentation.
However, when we pull the logs,
...
Hi team
I am trying to update an agent but it shows me "the installer has timed out" on the logs, I checked upgrades logs and I see the next message "Distribution ID is missing from installation package" I thought that it could be an issue related to
...
Hello,
Just to be sure. Are the Windows Server 2008 secured with the Cortex XDR 5.0 agent as the Windows Server 2003 are, until June 1, 2024 ?
I mean, it's not clear when I see that :
We are currently integrating the Cortex XDR incident logs with the Splunk tool. Currently, the incident logs are visible in the Splunk tool, but certain essential fields required for conducting an XDR log investigation are not available in the existi
...
Hello,
I'm trying to search for all installed vpn on endpoints using an XQL Query.
Before going further in my query, I'm trying to list all hosts where the application name contains "*vpn*".
This result and the result from host insight doing the
...
Hello everyone,
We are looking at using XDR to monitor Bitlocker status on Windows machines. On the 'Disk Encryption Visibility' page, we can see the Encryption status, but there is no way to filter on 'Unencrypted' drives.
- Does anyone know of an X
...
