After not using a broker, the endpoints are unable to connect to the server.

Dear community,

I tried to make some agents connect directly to the server without using a broker. 

However, it's not able not connect to server.

I referred to the practices of others, and tried executing "cytool reconnect force", but still couldn't

DNS resolution was wrong for Firewall alerts

Dear LIVEcommunity,

Did anyone encounter problem such as hostname does not match with the IP address for alert ingested from NGFW?

This is especially true when come to host that doesn't have Cortex XDR agent installed. Now, if the host cannot insta

how to vie cloud identy engine logs on cortex

We successfully implemented the cloud identity engine on-prem and in the cloud, and we enabled the engine on the cortex as well, but we don't know how to view the logs. Could you please tell us where to look for the login logs on the cortex?

Number of incidents per month on cortex XDR

Hello,

Does anyone know how to generate a report of the number of incidents per month on cortex ?

I can only generate for the current month and not for the past months.

Thanks in advance.

Cortex XDR - All Actions export

Greeting to all!

I have faced an interesting use case with Cortex XDR and I haven't seen solution to it ever before. 

Short description of the situation - We have a successful vulnerability exploitation event. We know for sure, that it was exploited an

How to use interactive script mode Run Kansa investigation powershell

Hi 

does anyone know

How to add investigation powershell to the Agent script Library of XDR Action Center. That I can choose it to do incident investigation when using XDR interactive script mode

Tracking Cortex XDR Corrupted Agents

Dear Community,

When I first started the Cortex XDR Project and started installing the agents, I made a mistake and deleted the outdated installation packages from the portal.

After that I started getting a lot of disconnected agents as if they try

Why there are no related alerts on scanned malicious files.

Hi, we have recently malware scanned an endpoint and upon checking the results, it appears that there were 3 malicious files on the host.

Now, I tried to right click and view related alerts on the 3 malicious files and it just shows nothing. What's

Allow users to change the Timezone

Hello,

We have users from different places and different timezone. We noticed that it is not possible for a user to change their timezone if they don't have the General Configuration View/edit permission. Is there any other way to allow a user to c