Cortex XDR Discussions

Resolved! Exception Exploit Module

Hello Community,

I would like to create an exception rule for an IIS worker process w3wp.exe, which module would be the appropriate one where the exception would reside.

Based on the documentation here EXPLOIT SECURITY POLICY offers protection ag

...

Resolved! Server in the DMZ- unable to Live Terminal Into

All,

When looking through the log file of the agent, I ran across this. Can anyone tell me what its for and why is it missing? This was a fresh install of the latest Cortex agent. Thanks.

Payload archive file \"C:\\ProgramData\\Cyvera\\LocalSyste

...

Auto Resume protection

For some reason we paused the protection on the endpoint, Is there any option to auto resume the protection?

How to use XQL parse_timestamp

I am trying to convert a string to a timestamp object and cannot understand how the parse_timestamp function works.

My string is as follow :

"2023-08-17T17:40:38.000246+0300"

My XQL query is as follow :

alter

timestamp = parse_timestamp("%Y-%m-%d

...

XDR agent Auto upgrade Schedule settings in agent configurations

We recently enabled Auto upgrade on our system.

We selected " Only maintenance releases in a specific version " configured the agent Configurations as below:

Although when I checked the Agent audit logs I see that the upgrades started at Aug 17th 20

...

Resolved! Cortex XDR 7.9 CE not installing on Windows Server 2008 R2

Hi,

There is Windows Server 2008 R2 server which had Cortex XDR 7.9 installed. As this version is end of support in next few weeks, I decided to install 7.9 CE, which according to compatibility matrix:

Windows • Cortex XDR Compatibility Matrix • Re

...

XQL - list of processes, which were not started/launched in the last XX days

Hello dear community,

I would like to have a list of processes which were not started/launched in the past XX days. I think it would be nice to know, which processes are brand new etc.

Will this work with XQL and how?

BR

Rob

Resolved! How to convert Cortex XDR agent to Critical Environment version

Hi

We have server which has Cortex XDR agent 7.9, as we can't upgrade and the end of support for this version is 11 of September 2023 I want to convert it to 7.9-CE which gives me additional time. I checked the documentation but can't find clear an

...

Beyond Corp configuration to use in Context-Aware Access

Hi,

I would like to know how I integrate Cortex XDR with Context-Aware Access from Google's Beyond Corp product.

Analyzing the existing documentation, I got the impression that I need to create a rule like this in CAA:

device.vendors["cortex"].is

...

Resolved! Cortex XDR on Ubuntu doesn't recognise vulnerabilities correctly

Hi,

Cortex XDR agent (version 8.1.0.107064) installed on fully patched Ubuntu server 22.04 doesn’t recognise vulnerabilities correctly. It shows over 330 false positives.

Some examples below:

CVE-2015-34-5 – ntp vulnerable version prior 4.2.8p2-RC2

...

2008 R2 OS version

HI Team

We have a servers in the console with 2008 R2 OS version, so when we tried to upgrade the XDR agent version on these servers through console getting "unsupported older OS version". If XDR agent version expires on the server or machine we don'

...

Consequences after XDR agent version is expired

If XDR agent version on the server or machine get expires, what are the consequences we encounter

Cortex XDR Pro per GB

I cannot find any information about in what steps the Pro per GB / day license can be ordered.

Is there a minimum amount that you have to buy?

Cortex XDR Pro should detect and control Backup Software and backup destinations.

Today, one of the most common techniques for a intruder today is to use a valid backup system to make a image of the system and in what way steal all the data of the server..

Werefore i want a new module in the Cortex XDR what will detect the backup

...

Resolved! Looking for documentation on all processes used by the Cortex XDR agent

Hi,

I have been searching for a list of all potential processes used by the Cortex XDR agent but have been unable to find this in the KB:s / Administration guide.
Does anyone know where this can be found?

We need this due to onboarding customers t

...

Discussions

Resolved! Exception Exploit Module

Resolved! Server in the DMZ- unable to Live Terminal Into

Auto Resume protection

How to use XQL parse_timestamp

XDR agent Auto upgrade Schedule settings in agent configurations

Resolved! Cortex XDR 7.9 CE not installing on Windows Server 2008 R2

XQL - list of processes, which were not started/launched in the last XX days

Resolved! How to convert Cortex XDR agent to Critical Environment version

Beyond Corp configuration to use in Context-Aware Access

Resolved! Cortex XDR on Ubuntu doesn't recognise vulnerabilities correctly

2008 R2 OS version

Consequences after XDR agent version is expired

Cortex XDR Pro per GB

Cortex XDR Pro should detect and control Backup Software and backup destinations.

Resolved! Looking for documentation on all processes used by the Cortex XDR agent

Incorrect Endpoint Type Reporting in Cortex for Ubuntu 24.04 LTS Machine

Keeping alive a program after closing Live Terminal

Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

how remove softwares with XDR

Cortex XDR agent deletion after a period of time

Re: Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

Re: Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

Re: Growth of ARM processors in Windows Ecosystem

Re: Cortex XDR login issue

Cortex XDR login issue

Unlock your full community experience!

Resolved! Exception Exploit Module

Resolved! Server in the DMZ- unable to Live Terminal Into

Resolved! Cortex XDR 7.9 CE not installing on Windows Server 2008 R2

Resolved! How to convert Cortex XDR agent to Critical Environment version

Resolved! Cortex XDR on Ubuntu doesn't recognise vulnerabilities correctly

Resolved! Looking for documentation on all processes used by the Cortex XDR agent