Resolved! Events That Cortex XDR is Logging

Hi everyone,

Does anyone have a list or any reference to a document where I can see which logs Cortex XDR is gathering from a Windows endpoint? For example, to clearly know, that XDR is gathering all file event types, process creations, gathering even

Resolved! C:\ProgramData\Cyvera\Ransomware folder

Hello there,

What is the purpose of this folder(C:\ProgramData\Cyvera\Ransomware) for Cyvera? Couldn't find even a mention for it so it decided to ask the community.

Thanks

Resolved! Create IoC to detect email address from O365 log

Hi,

I am adding an email as a IOC in Cortex XDR, but it is not being detected through O365 logs.

Could you help?

O365 log

fieldname : "sender"

data: "{"emailAddress":{"name":"XXXX","address":"xxxx@xpto.com"}}"

Regards,

Resolved! XDR Resource IPs for Connectivity to XDR Server

Dear experts, 

From the following resource table, two json tables for GCP are provided (one for Google subnet and another for Google IP range associated with my region)

Question:

For the connectivity, do we need to allow all GCP IP range (in the

Resolved! Agent v.7.9 Removed???

Hello experts,

From the matrix, v7.9 supposed to be the last version to support Win7, just found out 7.9 has been removed from the Agent installation while creating an installer. 

Do we need to "downgrade"/use much older v5.0 instead???  

Resolved! Hashes of the attachment from the o365 log

Dear community,

I've been evaluating the benefits of ingesting o365 logs so far. Seeking those who have the mentioned logs ingested into Cortex XDR -

does Cortex XDR review and raise alert using the hashes of the attachment if the attachment is a mal

Resolved! Requesting Clarity on XDR XQL API Logging (timeframe related)

Hello Team,

We are using XQL to query data from cortex API for windows event logs.

Our query run every 5 minutes and we have used parameter timeframe in the query. This parameter is provided in the API documentation.

However, when we pull the logs,

Resolved! Upgrade agent fails

Hi team

I am trying to update an agent but it shows me "the installer has timed out" on the logs, I checked upgrades logs and I see the next message "Distribution ID is missing from installation package" I thought that it could be an issue related to

Resolved! Windows Server 2008 and Cortex XDR 5.0

Hello,

Just to be sure. Are the Windows Server 2008 secured with the Cortex XDR 5.0 agent as the Windows Server 2003 are, until June 1, 2024 ?

I mean, it's not clear when I see that : 

Resolved! Cortex XDR Incident integration splunk tool

We are currently integrating the Cortex XDR incident logs with the Splunk tool. Currently, the incident logs are visible in the Splunk tool, but certain essential fields required for conducting an XDR log investigation are not available in the existi

Resolved! Difference between host_inventory and endpoint in XQL Query

Hello,

I'm trying to search for all installed vpn on endpoints using an XQL Query.

Before going further in my query, I'm trying to list all hosts where the application name contains "*vpn*".

This result and the result from host insight doing the