BIOC Block executables based field "Process_File_Info"

Hello,

I would like to know if any of you have struggled with support and technical cases with the need I show below.

I would like to know what you can tell me or give me your opinion of blocking executables based on static metadata using the “Proces

XDR Policy Baseline/Comparison Tool

Is there a method/tool available that anyone is aware of to better manage multiple policies or quickly/easily identify those policies which may have/need slightly different configurations?

For example, if we have 2 dozen policies and there's a new

Abnormal Recurring Communications to a Rare IP

We are receiving multiple alerts from the rule below. All alerts are legitimate Microsoft IPs:

Abnormal Recurring Communications to a Rare IP

Could there have been any recent changes on the Cortex end that might be triggering this?
Cortex XDR 

Behavioral threat detected (rule: bioc.sync.critical_termination) Triggered By Known Good Files

Over the past two weeks we have been seeing detections/blocks from the following rule "Behavioral threat detected (rule: bioc.sync.critical_termination)" for known good files 7z2301-x64.exe (7-zip install) and PhotosService.exe (part of built-in Wind

XDR AGENT ALL DEVICES

Hi everyone,

Does anyone know of or have an automation to periodically check if all devices in the company have the Cortex XDR  Agent installed

I currently use Mapper, but my network is large, with over 35k devices (including computers, printers, a

Cortex XDR Generate Alert when Device is Online

There's many situations where it would be convenient to receive a notification when a device is online.  We often run into this when a device is isolated and we are  unable to contact a user.  Since there is no native ability to trigger an alert or n

Broker VM

Hi, 

I have downloaded Broker VM OVA file and installed it on my VMvare. I just wonder about with the following issues. As you know Broker has two IP one for public and one for private. 

In this part, if i go static, will I be configuring internal o

General Cortex XQL questions

Hello, 

I have been unable to confirm the following information in the online guidance I have been looking through.

How far back can we run an "All Actions" query in XQL? For example, can we search for file hashes going back 3 months or longer?

Also

BIOC that will close web browser while opening certain websites

I want to create a BIOC rule that will close web browser (ex. chrome) when I open certain websites (ex. facebook.com and instagram.com). I'm using Network BIOC and I managed to create BIOC rule that applies only to one website (remote host) but I don

Microsoft 365 email collector

Hi Everyone

Regarding the new email collector which ingests email logs and data from Microsoft 365: Ingest logs and data from Microsoft 365 • Cortex XDR Documentation • Reader • Palo Alto Networks documentation portal

Has anybody figured out a wa