Hello everyone,
I need your help because I want to create a BIOC deletion rule, I have the hash, the username and the path but I would like this deletion to be effective during a specific time slot, can it be configured?
Hello,
We have noticed that the user can simply exit the XDR on the system tray. Is there any way to block the exit button with admin rights or any way possible to avoid stopping the app?
Hello,
i know that i can block specific files in cortex but i am looking for a solution how i can block only .exe files in Users download folder.
In the Malware Profiles i can see that there is only a allow list where i can write single filenames t
...
In a document provided by my company some time ago, we were asked to install Traps on our personal computer, however, I found that it blocks certain programs(video game) when I'm not working. It seems it's not possible to uninstall this and a supervi
...
Hello,
What exactly is the use of the feature called active assets and active managed assets in the IP ranges section under the Network configuration module.
Hello dear community,
what is your expirience with slow applications when printing, saving documents (not responding) on a terminal server?
Yes, there are over 30 users on it and it was a bit slow before cortex xdr pro rollout. But now it is terri
...
Hello,
1. If we create a policy related to scanning of endpoints and apply that policy in all the machine and run it on all the machine at the same time. Is it this method possible? Will it create any issue?
2. Pop up messages to users for malicious
Hello,
Currently we are trying to create a query that gives us the result if the user has executed Sudo command and then right after executed the cd command. Is it possible to write a query that searches for commands executed one after the other?
...
Hello,
We are trying to create a quarantine policy for machines that are not connecting to the console, so we are checking if NAC solution can fetch these details and based on that policy can be created. And also, where (file path or file name) can w
...
Hi All,
Is it a good idea to enable the XDR host firewall to manage all endpoint communication? or is it better to keep the default windows firewall enabled without using the XDR firewall?
I would be happier if someone suggests any article/docume
...
We received couple of alerts on rare iptable delete command.On checking the host activity, we could able to observe all commands including newly entered command in the host machine but not able to see the iptable delete/flush command in the activity
...
Hello dear live community!
We are now at the step where we connect some Servers to Cortex XDR which should not connect directly to the Internet.
In the first mind we talked about the Tier 0 server. Today I was asked why we cannot bring all the se
...
I am working on the integration between CDL and R7 IDR SIEM and this is not working. I don't get pass the test connection on CDL.
https://docs.rapid7.com/insightidr/palo-alto-cortex-data-lake/
https://docs.paloaltonetworks.com/cortex/cortex-dat
...
We receive an alert Management Audit Log: Broker VM XXXXXXXX license has expired - Deactivating applet XXXX.
I'm not sure about this log, someone please help suggest us.
Cortex XDR
If I change a laptop's malware profile from having quarantine features enabled to disabled do the files in quarantine get released?
reaper
on:
block powershell but allow only specific powershell script
