Cortex XDR Agent certificate enforcement

Hi Team,

I have enabled the Cortex XDR agent settings for certificate enforcement. However, endpoints are showing as only partially protected, and the Operational Status Details indicate that certificate enforcement is disabled against policy (Failed

Add large IOC to block list

Guys, 

I need your help, I need to upload 500 IOCs to the block list.
Is there any option to upload IOCs in bulk or I have upload one by one?

Cortex XDR 

Group events with xql bin stage

Hi everyone

I try to count some events per day and used the bin stage to do this. It does work to group the events together but the time is wrong. For example an event at 00:30 will count for the day before (probably because of the timezone). I tri

Service Interruption and Telemetry Issues on Cortex Installation (RHEL 9.4)

I'm facing issues with my Cortex install on a RHEL 9.4 system.
Agent version 8.4.0.123787

Kernel version 5.14.0-427.35.1.el9_4.x86_64

Some services are stopped and not restarting:

• Command Run:
   

  sudo /opt/traps/bin/cytool runtime query
• Stopped Serv

Create link on the dashboard

Hi all,

I have created a simple custom Dashboard using a custom Widget. I want to put a link to endpoint table filtered by the result (result is the agent name), like the links on the default "Agent Management" dashboard. Does anyone know how to?

Cortex XDR XQL query to check which user is elevating access in linux

Hello Team , 

I am trying to write a XQL query to check which user is elevating access in Linux. 

can someone please help to write this query ?

Thanks in advance.

Cortex XDR  #XQL

Issues with Mass Uninstallation of Cortex XDR Agents via SCCM

Cortex XDR sometimes have these stubborn machines that refuse to upgrade to the latest versions.

what are ways you use to alleviate this issue? Mine is SCCM.

I am trying to automate the mass uninstallation of older versions of Cortex XDR agents via SC

Can't uninstall old cortex xdr version

i have install cortex xdr on linux (7.9 version) ,  the service can't start. i try to uninstall old version or upgrade the version to 8.1.1 , but it show below error. Pls help me to fix the error. 

[root@MOFVM068 bin]# ./cytool runtime start all
Red

XDR Acting as Application Control for Linux

Hi Community, 

I've managed to transform Palo Alto Networks' Cortex XDR into an effective application control solution for Linux based on the hashes of the files. 

Has anyone else tried this method previously?

Disabled Capabilities of XDR on instaallation

Hi all,

in one of our customers with the installation of XDR agent version 8.5 the Response Capabilities (File Retrieval, Live Terminal, Script Execution) were disabled from the very beginning on many of the endpoints. As there is no other way, the