Cortex XDR Discussions

XDR BIOC Rules

Hi All,

We have a few Palo Alto BIOCs that are disabled in our console, does Palo alto disables those rules by themselves if yes where can we find more details about it like why it was disabled in the first place.

Regards,

Shahwaz

Deploying Cortex XDR agent with intune using variables such as endpoint tags

Hi all,

My client is facing issues deploying the agent with intune, the agent gets deployed as expected but additional arguments such as ENDPOINT_TAGS="blah" added to msiexec seem to be lost as they can't see them post install when browsing through

Cortex XDR memory consumption and management on Linux

Hello team,

I have query regarding Cortex XDR Linux agent memory consumption and management.

We have seen multiple cases where Cortex XDR memory consumption is high, however whenever we raise a case we got to know that memory consumption is norma

Broker VM for Cortex XDR

Hi,

As a part of Cortex XDR , I would like to know some benefits of Broker VM

 I have gone through some of the docs and it looks like a Separate image that need to be installed. So,

1. Do we have to install it on every endpoint (Ex: 10,000 servers) that

How to enfore license revocation in Cortex XDR ?

Hello Team,

Actually we have exceeded the license quota, i'm wondering how can revoke certificate from unused endpoints and return unused licenses to the pool of available licenses.

Thank you in advance.

Br,

Aymen

Track down bad API key

I have an issue with CortexXDR.  I get errors in the logs every minute from something trying to use an API key that was deleted when one of our security guys left.  The source IP for it is our external NAT address that all our internal to external tr

Adding a list when applying a filter

Is there a way to take a list and apply as a filter, without adding each one separately

For example, below pasting in a list of endpoint names. instead of typing each one individually 

Cortex XDR Partially protected endpoints

Hi ,
Some of the mac devices operational status is "partially protected" & we are getting the below error 

Xdr Data Collection Not Running Or Not Sent

Agent is not running due to disk space

How to resolve this issue?

Take BAckup logs for 30 days

regarding our log retention policy on Cortex. Since we have a 30-day log retention period, is it possible to download the logs for the past 30 days from the console each month as a backup?

Cortex XDR Use Case Details

Hello Team,

Please help us to address below query.

-> Where we can find the details of all use cases in the XDR console.

Regards,

Ramyashree

Cortex XDR Software Inventory

Hello,

I am curious as to what data Cortex XDR pulls to put together a software inventory list. I am trying to create a script to uninstall a program on an endpoint and the last resort method the script does is deleting all program files (both in Pro

Turn on Bitlocker?

We are in the process of rolling out Cortex XDR to our organization. I saw the new BItlocker status screen/policies.

I'm struggling to understand if I can enable Bitlocker with this policy, or if this is just a way to ensure the devices are complaint

Cortex XDR linux memory usage

Hello ,

Can someone please help me to understand the Cortex XDR logs for memory usage by cortex XDR service.

below are the consumption details in logs.

"trapsd_memory_private_usage": 606146560,
 "trapsd_memory_working_set": 4232118272

which memo