Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Create custom widget to display data from Jamf

Hi Everyone,

I'm wondering if it's possible to fetch data from JamfPro MDM solution for example user_name, ip address and mac details and add it as a custom widget to the cortex dashboard. If this is possible kindly guide me on how to achieve this.

#ap

...

Resolved! CORTEX XDR Cloud Inventory AWS Region TEL AVIV is fully supported?

Cloud Inventory in Cortex XDR is not detecting our assets in the AWS Tel Aviv region,

while it does detect assets in other regions, even though the configuration and permissions are valid according to Cortex XDR SaaS.

Is this a bug, a limitation, or

...

Upgrade Tenant 3.x to 4.x question

Hi Expert ,

I would like to know or anyone have experience about upgrade tenant cortex xdr from 3.x to 4.x if older we have just prevent lic and then have to upgrade lic to pro can upgrade existing 3.x to 4.x ?

Thank you

Resolved! How endpoint devices, XDR Broker VM and XSIAM Cloud communicate in case of HA configuration

Hi Team,

I'd like to know how endpoint devices, XDR Broker VM and XSIAM Cloud communicate in case of HA configuration.

I guess HA configuration may require a virtual IP address to receive logs from endpoint devices and to send the logs to XSIAM C

...

Resolved! Threat ID #9999' generated by PAN NGFW

Hello,

I have turned off alerts on NGFW for Private URL, but I still get threat ID #9999.

Can somebody a little bit more explain what this threat ID means? I am trying to clean it up, but still get these alerts.

And it is not any kind of malicious tr

...

Resolved! Cortex not allowing specific Bluetooth devices to connect

We have been testing device blocking using Cortex. We have noticed that some Bluetooth devices (Apple Air Pods for instance) are not being allowed to connect/pair. I do not see a setting specifically for these types of devices, and I have been unsucc

...

Cortex XDR Agent setup

Hi folks

do you have idea from where i can download Cortex XDR Agent 8.8.1 MSI file, we wanna to run a batch script for uninstall it

PS: our license its expired and we cannot get it from the XDR portal

Cortex XQL "Let" replacement

Hi,

I'm wondering if anybody knows a method, I can use to join multiple queries within the same XQL query.

I have 3 separate queries which return a count of vulnerabilities for each region of logs. How do i merge these 3 queries to return a table

...

Resolved! Baseline Creation of Endpoints Without Registered Alerts in Cortex XDR

Good afternoon, it’s a pleasure.

I’m currently working on building a baseline of endpoints that have not generated any alerts within the production timeframe. The idea is to use this baseline as the foundation for a future correlation rule.

I’ve been

...

How to prevent ADFSjacking with Cortex XDR. Is it possible?

Just reviewed an article on ADFSjacking in Office365. Is this something that can be prevented or blocked using Cortex XDR and/or the Advanced Threat Detection or Advanced URL Filtering add-ons for PAN NGFW?

Resolved! Block Execution of Specific Applications Regardless of Location

I want to prevent the execution of anydesk.exe, choco.exe, and cloudflared.exe. However, I went to the Prevention Policy Rules and created restrictions for applications, but it only allows blocking in specific locations, so that doesn't meet my needs

...

Cortex XDR Broker VM Connection

Hi,

Does Cortex XDR service on cloud initiate connection to Broker VM?

Or just broker VM will initiate connection to Cortex XDR service?

I need this information to define whether I need 1 to 1 static NAT on firewall for broker VM or not.

Thank

...

Cortex XDR Agent Failover

Hi,

I use broker VM for bridging communication between XDR agent and XDR cloud. But the communication can happen only when the agent reside in internal network. Does cortex xdr have mechanism to detect whether inside or outside network? So it can d

...

Resolved! XQL query to get the list of new software/applications

Looking for help. I would like to come up with the query to find all new applications installed compare to the last month inventory.

The logic would be what new application/software have been installed on the hosts this month.

Cortex XDR Agent offline notification

Hello Team,

I would like to be notified by email when an XDR Agent goes offline.

However, I could not find a function to notify the agent status.

Do you know of any documentation that explains how to configure the agent status notification functi

...

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Create custom widget to display data from Jamf

Resolved! CORTEX XDR Cloud Inventory AWS Region TEL AVIV is fully supported?

Upgrade Tenant 3.x to 4.x question

Resolved! How endpoint devices, XDR Broker VM and XSIAM Cloud communicate in case of HA configuration

Resolved! Threat ID #9999' generated by PAN NGFW

Resolved! Cortex not allowing specific Bluetooth devices to connect

Cortex XDR Agent setup

Cortex XQL "Let" replacement

Resolved! Baseline Creation of Endpoints Without Registered Alerts in Cortex XDR

How to prevent ADFSjacking with Cortex XDR. Is it possible?

Resolved! Block Execution of Specific Applications Regardless of Location

Cortex XDR Broker VM Connection

Cortex XDR Agent Failover

Resolved! XQL query to get the list of new software/applications

Cortex XDR Agent offline notification

Can Cortex XDR fully substitute for Microsoft Defender Attack Surface Reduction (ASR) rules?

Evasion Technique - 1244315488

Other Network Source Checkpoint,Fortinet Cortex can auto stich

Cortex XDR - API Automation

Cortex not allowing specific Bluetooth devices to connect

Re: Evasion Technique - 1244315488

Re: Evasion Technique - 1244315488

Evasion Technique - 1244315488

Re: Cortex XDR - API Automation

XDR Agent on CIE server

Unlock your full community experience!

Rules and Best Practices

Resolved! CORTEX XDR Cloud Inventory AWS Region TEL AVIV is fully supported?

Resolved! How endpoint devices, XDR Broker VM and XSIAM Cloud communicate in case of HA configuration

Resolved! Threat ID #9999' generated by PAN NGFW

Resolved! Cortex not allowing specific Bluetooth devices to connect

Resolved! Baseline Creation of Endpoints Without Registered Alerts in Cortex XDR

Resolved! Block Execution of Specific Applications Regardless of Location

Resolved! XQL query to get the list of new software/applications