Hi ,
It shows half of the Linux systems partially protected even though all the the kernel versions, content update and agent version are compatible .Also no policy changes were made. What could be the problem ?
Hello everybody,
I need to create stacked graph similar to the one on Ingestion dashboard (Daily consumption).
The graph should have DNS query name on X axis and total count on y axis. But at the same time, I need to have the column separated by DNS_
...
Hello,
In some cases, when we try to delete files using hash/path, file deletion fails due to "Access Denied".
What could be the reason for the deletion failure?
I have a number of cases where the tenant equipment is disconnected from our cortex xdr,
There was a tenant change recently and equipment from any of them became disconnected for no apparent reason.
I tried brute force connected but it didn't work.
An
...
Do I have to collect forensic data all the time? it's sufficient to ingest data just after an incident?
*Note: This question was asked during the Cortex XDR Customer Success Webinar: Uncover the Power of Forensics - Part 1
Hello community,
I was wondering if anyone found an efficient query to look for data exfiltration/large file uploads?
I'm looking more from a threat hunting perspective, where I would want to trace one or multiple file being uploaded to a remote dest
...
Hi Team,
We are getting this error while installing XDR on a Windows server - The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2502
Can someone pls help to
...
Is there a new Cortex XDR being released soon for compatibility with MacOS Sonoma (14.0). I have a team testing this OS and the current version 8.1.1.2594 isn't compatible.
Hello,
I would like to be notify when an endpoint is outdated or when an upgrade failed.
I'm aware there is the notifications pages,
LIVEcommunity - Notification if Cortex XDR agent fails to upgrade - LIVEcommunity - 531271 (paloaltonetworks.com)
...
Hi Team,
We have detected several IOC incidents in the Cortex XDR console. The action status for these incidents is marked as 'detected,' but upon further investigation, we found that the internal network team had prevented these incidents in the P
...
We received a notification with Action:Detected (Sinkhole).
What does it really mean? Did Cortex XDR blacklist it? Blocked it? I can't any information on what these Actions mean in the Administrator guide.
Hello,
Currently we are sending all the incidents generated in XDR to Microsoft Sentinel and a new incident will be created in Sentinel. When we close an incident in XDR console, we are closing that incident in Sentinel manually.
We would like to k
...
How to cancel a bulk scanning initiated which is showing in progress state. Even "cancel for pending endpoint" is also no longer working.
