Cortex XDR Discussions

Resolved! Cortex XDR Pro - Server installations - still running Windows Defender (not Firewall)

Hello dear community,

what is your expirience with running MsMpEng.exe on Windows Server OS, while using Cortex XDR?

In my case the Windows Clients don't run MsMpEng.exe while Cortex XDR is running, but the server do so.

What is the difference he

...

Resolved! Cortex XDR iOS Agent

Does anyone have any information on creating an App Configuration Policy in Intune to push the Distribution ID and Username to the iOS XDR Agent on an iPhone/iPad?

Resolved! Agent Version - 8.1

Hi All,

Has the agent version 8.1 been released? as per the documentation it was released on June 25th but I am unable to see it on the console.

Thanks

Alert for internet down on site x (disconnected state)

Hello dear community,

we have a couple of sites, which sometimes do not have a internet connection, because the provider has issues.

Is there a way to get an alert, when a boundle of agents is not reachable at the same time (disconnected)?

I can

...

Whitelisting of files under legacy agent exception

Hello Team,

- For exceptions, whether we have to create rule for each of the module profiles to whiltelist the file path?

- Is there any way that we can create only one and it applies to all other pofiles.

Resolved! Cortex XDR Agent restricts mobile phones from transferring data to PC through USB

Hi everyone!

Customer needs: when all mobile phones are connected to a PC through USB, only data from the phone is allowed to be transferred to the PC, and data from the PC is not allowed to be transferred to the phone, which means the phone is in

...

Resolved! Cortex XDR

We have configured checkpoint firewall CEF log forwarding to Cortex XDR. Please provide a sample field for CEF-formatted logs.

Resolved! When Broker VM cannot connect to Paloalto Cloud Console, how to enable its Local Agent Settings service

Hello, everyone

Does anyone know how to use the SSH command to execute commands to the Broker VM, so that the Broker VM can start the Local Agent Settings service even when it cannot connect to the Paloalto Cloud Console.

Because we have customers

...

CORTEX XDR - Best practices

Hi everyone !

I'm a beginner on CORTEX XDR, and need some help for 2 things !

- First, my client want to know if it's possible to schedule a Malware Scan based on the CPU use. I mean, they have around 500 computers, which are used in so many differen

...

Resolved! XQL datasets

Is there a comprehensive document containing all the datasets that are currently available? We've noticed that datasets such as "incidents_artifacts" or "incidents" are not displayed in the autofill text in XQL. We would greatly appreciate having a c

...

Creating an Exception Rule for a PT Automation System

I have recently encountered a unique use case; we are working with a PT Automation System in which PT attacks are simulated on endpoints within the organization. This is causing quite a ruckus on the XDR tenant as expected in terms of alerts. Is ther

...

Allow based on certifcate issuer?

We are currently having an issue with our database disk images being blocked that are set on rotation cycles. The file name and the hash changes incrementally. All our disk images are signed, using a certificate by the issuer; this was used previousl

...

Resolved! Broker VM offline in Cortex XDR

Hello

I've a broker VM that is offline in Cortex XDR, do I need to remove the offline broker VM from Cortex XDR then register it?

Resolved! Response Action

There is an option Response Action under agent configuration, which means we can allow access to a certain application in case the endpoint is isolated.

Which application access should ideally be provided in it.

Thanks

Network Location Files in Restrictions Profile

Hello Team,

Could you please provide the benefits of Network Location Files in restriction profile.

Discussions