What Integration support Playbook on Cortex XDR 4.x

Hi everyone,

I would like to know what  Integration support  or list for playbook on cortex xdr 4.x I find official not found 

Thank you

XQL - "After hours" query

This is a fairly dataset agnostic query snippet to look for events "after hours". You'll need to define what that means and also convert the time zone to your local time. This might not work if you're using UTC in the console, I'm not sure there. 

How to sizing pro per gb

Hi Expert ,

I would like to know about how to sizing pro per gb i know about if would like size ngfw refer with sls-sizing-estimator and lps per model but it seems like when i calculate is a huge size i'm not sure how to actually size and another l

Slow get_alerts API response / Validity check

Hi all,

I’m integrating Cortex XDR APIs and want to validate the get_alerts endpoint for connectivity and credentials.

I’ve already tested the get_incidents endpoint, and it works fine with our API keys.

When I call get_alerts, it always takes ~50

SHOW ALL ALERT

Greetings everyone.

I'm having a problem with Cortex XDR. Low-level security events aren't appearing on the dashboard; only medium, high, and critical ones do.

I'd like all alerts to appear on the dashboard. I only see low-level alerts when I go

I want to block certain certutil commands from being executed through the BIOC Rule

Unable to get it why the below BIOC rule can't be added into the restrictions policy. I was trying to write a BIOC rule for monitoring dropped files via certutil. : 

dataset = xdr_data

| filter event_type = 2 and event_sub_type = ENUM.NETWORK_STREA

Cortex XDR blocking wps

Why is cortex xdr blocking wpscloudsvr.exe and wps.exe? In the artifacts there is also this: "kaccountsdk.dll". To me they all seem genuine, or am I missing something?
Also the initial cmd is confusing:
""C:\Users\a\AppData\Local\Kingsoft\WPS Office\12

Experience with Enabling IP Restriction for Cortex XDR Console Access Message:

Hi,

I’m planning to enable the IP restriction (Approved IP Ranges / Allowed Sessions) feature for Cortex XDR console access. I already know where the option is located, but I’d like to hear from others who have enabled it.

• What was your experience w

After the Cortex XDR agent is installed, there is a volume shadow copy issue on the endpoint.

The VSS service on the endpoint is configured with a startup type set to Automatic. VSS operates normally until the Cortex XDR agent is installed. However, after the agent is installed for the first time, VSS fails to stay active despite its automati

How to Block Mobile Phones (iPhone/Android) via USB Using Device Control

Hi everyone,

I'm currently working on a Device Control policy in Cortex XDR and I need to block mobile phones (iPhones, Android devices, etc.) when they are connected via USB — similar to how USB drives and external disks can be blocked.

I understa

Restrict traffic to public IP addresses with Cortex

I have dual homed systems with one of the IP addresses being publicly routable due to a cellular connection. My goal is to use Cortex to block traffic destined to those public IPs. An XQL query has been constructed to match traffic I would like to bl

Cortext Modifying App Java Threads Without Warning

Cortex is currently messing with a java app at a customer site.

We have a tomcat-based java app that we take to market. Cortex is currently messing with it. Cortex on, our app has issues. Cortex off, our app runs fine. Copy the entire folder and ru