XQL to detect the ScreenConnect Client in response to CVE-2024-1709 and CVE-2024-1708

On February 19th ConnectWise released a security bulletin and update for their ScreenConnect software.  https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
On February 20th ConnectWise announced that exploitat

Cortex XDR 8.2.0 and 8.2.1 Threat Alerts QRadar DSM Not Mapping in QRadar

We have Cortex XDR 8.2.0 and 8.2.1 agents (with plans to upgrade to 8.3.0) and the threat alert logs sent to QRadar are no longer categorized properly.  The events are categorized by QRadar as "unknown".  Are there any plans to update the DSM Cortex

Issue with Cortex XDR Windows Portable Device Policy Not Working

Hi community,

We have assigned the Windows Portable Device block policy to some endpoints. However, we have observed that USBs are still accessible on those machines.

For future troubleshooting, we need to verify whether the policy is correctly a

XQL newbie

Hello everyone.

We recently upgraded to Pro and this XQL stuff looks like an entirely different language to me still. I need some help if possible in getting started.

I'm looking to build two queries.

1) I need to go through our AD infrastructure (

Unconventional GP upgrade through XDR action script - works, but could use optimization.

I have a script to silently upgrade GlobalProtect clients to 6.2.2 using an msi, while avoiding disconnecting active users and reboots.  It's simple and it works, but I looking to improve it by having successful upgrade status or reason for failure r

cyvrlpc.sys caused BSODs on Windows 10 after update

Hi all, 

some of the users reported a BSOD after updating their Win10 endpoints. I'm thinking this might be due to the incompatibility between the driver and newest OS updates or something similar (looking into the stop code). 
 
Stop code: DRIVER_IRQL_

Cortex XDR missing powershell logging

I'm doing some Powershell detection testing and I noticed that when I open the Powershell GUI in windows and run a command below it doesn't trigger a Powershell detection.  However, when I add powershell in front of the command it does trigger an eve

Slow Dashboard in Cortex XDR Version 3.9

Hi Community! Our Tenant was recently updated to XDR version 3.9 and since then the main dashboard seems to be much slower and unresponsive. Anyone else in the community experiencing this? I have been testing using Edge and chrome the quick launcher

Downloaded tar file contains a broken cortex.conf with deb-package

I've now finally sucessfully installed Cortex XDR in an Ubuntu-22.04 image in WSL2 in Windows 11.

However the provided cortex.conf file in the tar-file is missing a newline on the last line of the file, making it not work properly.

Editing the file a

Can we run the XDR on separate port apart from 443?

Hello All,

For 1 server we are facing the compatibility issue as the port 443 is required to upload some data for business purpose and that port is also required for the communication of Cortex agent with cortex server.

Can we use some other port