Long Malware Scan time, normal?

hello all experts, 

I have encountered a long scanning time,  i launched a malware scan from console to isolated endpoint, the job was created at 15:30 and finished by 05:30 by next day.

Guessing when the job was created, either the agent was dis

Do Bioc rules contribute to an Incident?

Hi

I wanted to understand how do BIOC rules contribute towards an incidence, I have seen ABIOC contributing towards an incident

Cortex XDR trap agent unable to connect the console

Hello! 
I got into a trouble with linux oracle and redhat, the trap agent was installed successfully, the agent is activate, broker_vm defined as proxy and it connected, in the console the endpoints were visible (even in the endpoint description also

BIOC Rule - CGO V/S Actor_process_image_name

Hi 

I wanted to understand, if i want to see certain cmdline activities from "x" Process.

Want to know what will be more efficient putting the "x" process in "Causality_actor_process_image_name"

or in "actor_process_image" while creating a BIOC

Proofpoint TAP Integration - XQL Query Help

Has anyone worked with PP TAP integration and creating any useful XQL queries to help identify potential malicious mail that a user interacts with?  As example:
Email was not determined "bad" initially but after some sandbox from PP, it is later class

Rollback feature for agent upgrade

Where can I find agent agent upgrade rollback plan for failed upgrades in cortex XDR?

XDR Agent Conenction Status : Connection Lost

Hello guys!

I was thinking about what happens to Cortex XDR agent showing connection status as Connection Lost . I know XDR agent who failed to communicate to Management console for past 30 days would go to connection lost.

My doubt is if XDR age

Query to detect any file/folder that are being hidden

Hi All,

Can someone please share the query to detect if any file or folder is being hidden?

Regards,

Shahwaz

HELP - XQL QUERY For XDR and XSOAR

Hi,

I am creating a playbook with the objective of integrating Cortex XSOAR  and Cortex XDR . 

The idea is for Cortex XSOAR  to query Cortex XDR  , retrieve all the assets detected by the broker scanner, and verify which assets do or do not have the

Cortex XDR

Hello, Is there any possibility that the customer may utilize Cortex XDR agent in two domains, taking into account that first one has tenant id, the other doesn't?

Thank you in advance.

Cortex XDR Agent Service Get Stopped.

Hello Guys!

Just wanted a clarification that once the Cortex XDR agent service : cyserver.exe get stopped due to any reason.

1.How the system service restarts again ?

2. How many or frequency of  heartbeats does cortex xdr agent send to Cortex XDR

Difference between Detected and Detected (Reported)

I need to know the difference between both actions seen in alerts and if it's related to profiles configuratios(Block, Report Disabled). If it's set to Report, the action will appear like Detected (Reported) because it could be blocked?