Resolved! Cortex XSIAM + XDR
Hello dear community,
who of you is using XSIAM? How is it?
Will XDR + XSIAM ever get together in one product?
BR
Rob
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds, and allowing seamless response.
[
{
"@odata.type": "#microsoft.graph.fileAttachment",
"@odata.mediaContentType": "image/jpeg",
"id": "AAMkADEzYjJhMzM1LTY0ODctNGUxOS05ZDc5LTQ2MW
Hello,
We use the VMware Horizon VDI solution in Instant Clone with FSLogix profiles and a dedicated machine based on a Golden Image (Automated, Instant Clone, Dedicated).
A user therefore always connects to the same machine, which is updated fro
...
Hello dear community,
the Cortex XDR agent disables Windows Defender on FAT-Clients automatically.
Does Smartscreen in "App & Browser Control" still work in this state?
BR
Rob
Hi,
is there a way to re-use populated Cloud tags (e.g. from AWS cloud) as Tags used for Endpoint distinction and dynamic group definition?
Thanks
Ondrej R.
Hello,
We are an MSSP and, since less than one hour ago, a new rule has appeared in many of our Cortex XDR tenants: Suspicious Network Activity - 3045255237 involving the IP 2.58.113.190. The communication is launched by the process System, like if a rootk
...
Hi,
I would like to check whether there is a way for a customer to ingest IOCs in the form of JA3 hashes into XDR?
thanks
Ondrej
Hi ALL,
New to XDR world,
I have an XQL query against a 2FA log which looks for user logins (fail or success) from 2 different countries in 3 hours.
Query looks like
dataset in (XXX_raw)
| filter eventType = "User.Login" // look for login events
|
Hi,
we have successfully integrated ServiceNow CMDB into Cortex XDR and have fetched data to datasets servicenow_cmdb_*.
We did not find in the Admin guide information on how and if those ServiceNow CMDB data will be propagated into Asset information i
...
Hi Everyone,
I would like to force reconnect the workstation that is in the old Cortex Tenant to the new Cortex Tenant we have.
Is it possible to create a batch file for this so it can help us to work easily? Is the .bat format applicable in MAC OS?
...
Hi People,
I was wondering if anyone could assist me with an XQL Query to display the Incident name. Please refer to the attached photo to get an idea of what I am trying to achieve. I have used the xdr_data dataset, however I cannot find the relevan
...
Can anyone help me with how to retrieve endpoint logs from the data lake via XQL?
Hi,
What correlation rules and BIOCs created manually do you suggest?
Regards,
Fábio Ferreira
Hi,
Is there any Cortex agent customization suggested or best practice docs for Windows Terminal servers and Windows DC Servers?
Hi everybody !
I would like to find out how to download the XdrAgentCleaner.exe to cleanly remove the old XDR Cortex agent?
We have several computers on which we cannot uninstall the old agent, you will find the message attached.
I have already follow
...