Cortex XDR Discussions

Resolved! Query for listing installed VPN's in organization

Hey everyone,

I'm trying to list all devices within organization that have installed some VPN on them, but my query fails each time or returns small number of results. I set it to have most popular 10 VPN's in the list like Nord, OpenVPN, Express, Cyb

...

Blocking Bluetooth From Cortex

Hello Everyone.

How can I block Bluetooth from all the endpoints using cortex xdr? Is it possible?

Thanks.

Disable feature Initiate Live Terminal

Hi Support Teams,

I would like to know how to disable feature Initiate Live Terminal ? because some customer they have concern security control in this feature.

Regards,

Resolved! Cortex XDR Host Firewall behavior Question

Hi Everyone,

I am trying to configure host firewall using Cortex XDR, in the documentation, it mentions:

The Cortex XDR host firewall rules leverage the operating system firewall APIs and enforce these rules on your endpoints, but not your Window

...

Resolved! Cortex XDR Live Terminal Session - Can you disable the agent notification?

I'm looking for a way to disable the little notification pop-up that occurs on the endpoint when a security tech opens a live terminal session through the console, but I haven't been able to find anything in the tenant settings or KB articles so hopi

...

Resolved! Agent Upgrade Failure

Hi,

These are agent upgrade failure reasons, please suggest the method to resolve these issues-

1- Installer has timed out

2- Cortex Agent upgrade failed

3-The content package was faulty or could not be downloaded.

Thanks

Shahwaz

Ongoing Failure in Correlation Rules? View --> No Failure Reasons found

Hello dear Community,

does anyone of know, how to check what kind of error this was? My correlation Rules are not showing any error/failure Reason

No management and agent log entry. This error is invisible for us!

BR

Rob

Scheduled report for cortex XDR user details

Hello Team,

Can you help us with the query to schedule a report for the user details in cortex XDR.

using XDR to block older versions of an application

I'm attempting to use XDR to block older versions of an application, and only allow the few latest releases. There are hundreds of older versions of this application so blocking each one by hash is not really an option. Also the application's install

...

Resolved! Decoupling an alert from an incident

I have seen a few instances where an alert is incorrectly linked to an incident - for example, an incident might have 50 alerts from one host and only 1 from a second host, where the alerts don't appear for a common activity. The alerts are reasonab

...

Forensics Addon - Best practise licence and usage

Hello dear community,

how do we use this addon?

I had found a article about the forensics addon which said, you can also put this feature to an client/server after the incident etc. happened.

What is the difference between having this addon for all o

...

Cortex XDR don't alert when using WinPeas.bat

Good morning,
We have noticed that when using LinPEAS on Linux systems, Cortex XDR reacts, blocks and alerts. However, using WinPEAS bat script on Windows systems is not detected by Cortex. However winpeas.exe is blocked immediately.

For testing purp

...

Sharing various xql queries

This returns dns queries filtered by the domain name given in the variable.

config case_sensitive = false
| preset = network_story
| filter (dns_resolutions != null)
| arrayexpand dns_resolutions
| alter Resolution_Value = dns_resolutions -> value{

...

Domain Controller can't connect to the Broker VM for Windows Event Collector

Hi All,

we are facing an Issue with the WEC on the Broker VM. We configured the Domain Controller and enabled the WEC on the Broker VM.

We followed the installation guide which is refered in the Cortex XDR.

The Domain Controller shows in the log

...

Resolved! IOC Upload through API - Expiration date

Hello dear community!

my ps script is ready to upload IOCs. One of my questions how fast the expiration date eraser is triggered in the dashboard?

In the last case it took two days.

This one is still active, but the expiration date is in the past

...

Discussions

Resolved! Query for listing installed VPN's in organization

Blocking Bluetooth From Cortex

Disable feature Initiate Live Terminal

Resolved! Cortex XDR Host Firewall behavior Question

Resolved! Cortex XDR Live Terminal Session - Can you disable the agent notification?

Resolved! Agent Upgrade Failure

Ongoing Failure in Correlation Rules? View --> No Failure Reasons found

Scheduled report for cortex XDR user details

using XDR to block older versions of an application

Resolved! Decoupling an alert from an incident

Forensics Addon - Best practise licence and usage

Cortex XDR don't alert when using WinPeas.bat

Sharing various xql queries

Domain Controller can't connect to the Broker VM for Windows Event Collector

Resolved! IOC Upload through API - Expiration date

Integrate palo alto firewall with cortex xdr for utilize EDLs

Cortex XDR installation ended prematurely

Find the responsible application in Windows for making malicious DNS requests

Email_data dataset empty

Suspicious domain suffix with a rare user agent - Explanation

Required Windows Event IDs for the best Cortex XDR detection performance

Re: xql query for file \ folder name.

Re: xql query for file \ folder name.

Re: Integrate palo alto firewall with cortex xdr for utilize EDLs

Re: Find the responsible application in Windows for making malicious DNS requests

Unlock your full community experience!

Resolved! Query for listing installed VPN's in organization

Resolved! Cortex XDR Host Firewall behavior Question

Resolved! Cortex XDR Live Terminal Session - Can you disable the agent notification?

Resolved! Agent Upgrade Failure

Resolved! Decoupling an alert from an incident

Resolved! IOC Upload through API - Expiration date