Cortex XDR Discussions

Resolved! ServiceNow CMDB integration and how to use it according to best practise

Hi,
we have successfuly integrated ServiceNow CMDB into Cortex XDR and have fetched data to datasets servicenow_cmdb_*.

We did not find in the Admin guide information how and if those ServiceNow CMDB data will be propagated into Asset information i

...

Batch file creation in MAC to Fore Reconnect Cortex Agent

Hi Everyone,

I would like to force reconnect the workstation that is in old Cortex Tenant to the new Cortex Tenant we have.

Is is possible to create a batch file for this so it can help us to work easily? is the .bat format applicable in MAC OS?

...

XQL Query to view the "Incident Name"

Hi People,

I was wondering if anyone could assist me with XQL Query to display the Incident name. Please refer to the attached photo to get an idea of what I am trying to achieve. I have used the xdr_data dataset, however i cannot find the relevan

...

XQL query to retrive endpoint data from data lake

Can anyone help me how to retrive endpoint logs from data lake via XQL

Resolved! Correlation rules and BIOCs

Hi,

What correlation rules and BIOCs created manually do you suggest?

Regards,

Fábio Ferreira

Cortex Agent Best Practice Customization for Terminal servers & DC Servers

Hi,

Is there any Cortex agent customization suggested or best practice docs for Windows Terminal servers and Windows DC Servers

Cannot remove/install xdr agent

Hi everybody !

I would like to find out how to download the XdrAgentCleaner.exe to remove cleanely old xdr cortex agent ?
We have several computers on which we cannot uninstall the old agent, you will find the message attached.

I have already follow

...

How to remove Cortex without Management

Existe uma forma de forçar a remoção do Cortex 7.9 do ambiente que eu não tenho mais senhas de gerenciamento ou remoção, já que o parceiro rescindiu o contrato e não forneceu o mesmo.

Resolved! Broker VM connection issue

Hi Community

We're facing an connection issue with Endpoints using Broker VMs (agent proxy). We opened a TAC case, but it's stuck. There is no useful help yet.

- Endpoints are isolated from the internet (no direct or webproxy access)
- Endpoints are

...

Integrate the BVM server with SIEM

Hello Team,

We need to change rsyslog.conf file. Please let us know if this file can be changed and is it recommended to integrate the BVM server with the SIEM?

Cortex XDR 8.1 not installing on Windows Server 2008 R2/2012 windows 10_v1607

Hi,

We've a problem with installation cortex xdr 8.1 on Windows Server 2008/2012 and Windows10_v1607....
All machine need the AZURE update https://support.microsoft.com/en-us/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-f

...

IOC Feed upload via API / disabled IOC overwrite / reactivate

Hello dear community,

is it possible not to overwrite disabled IOC with API Upload? If the indicator is disabled, it should stay disabled. But atm it isn't like that, the indicator is beeing deleted, written into the ioc table and get's activated

...

Resolved! Generate private & public keys for broker VM

How to generate private and public key pair for accessing DR broker VM and let us know how to use the key pair to access the BVM.

Resolved! Cortex XDR Prevent to Pro

Hi,

ill soon have to migrate a customer from prevent to pro. My question is i heard, that Palo just has to change the license in the background and that would be all i just have to enable the pro feature in the policy. My only concern is, that the

...

Linux audit logs

Hello ,

How can we check on XDR who is logging in on Linux systems ?

Discussions

Resolved! ServiceNow CMDB integration and how to use it according to best practise

Batch file creation in MAC to Fore Reconnect Cortex Agent

XQL Query to view the "Incident Name"