Showing Malware incident in the Dashboard
Hello, just want to show the Malware incidents and the related-malware filename in the dashboard, what should I choose for the XQL?
thanks
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Palo Alto docs say this:
The Cortex XDR agent registers with the Windows Security Center as an official Antivirus (AV) software product. As a result, Windows shuts down Microsoft Defender on the endpoint automatically, except for endpoints that are
...
Hello
I'm looking for an automatisation, where I'm able to download the freshly created xdr-distribution-file.
In my Playbook I've created the following steps:
xdr-get-distribution-versions
xdr-create-distribution
xdr-get-distribution-url
Now, the last step
...
Hi,
We can see user details are not getting captured in the XDR endpoint details. How are logged-in user details captured?
Thanks
Dear Sir,
Please if anyone can help to advise the XQL query to create a custom report to capture the "File Delete" activities in one particular server?
I know we can create the same from Query Builder, but from Query Builder it will only return 10,00
...
Hi,
I can see that Agent version 8.1 was released on 25 of June (https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Agent-Releases/Cortex-XDR-Agent-Releases) but I can't see it available on my portal. Could you tell me what have I misse
...
Hello dear community,
what is your experience with running MsMpEng.exe on Windows Server OS, while using Cortex XDR?
In my case the Windows Clients don't run MsMpEng.exe while Cortex XDR is running, but the server do so.
What is the difference he
...
Does anyone have any information on creating an App Configuration Policy in Intune to push the Distribution ID and Username to the iOS XDR Agent on an iPhone/iPad?
Hi All,
Has the agent version 8.1 been released? As per the documentation it was released on June 25th but I am unable to see it on the console.
Thanks
Hello dear community,
we have a couple of sites, which sometimes do not have an internet connection, because the provider has issues.
Is there a way to get an alert, when a bundle of agents is not reachable at the same time (disconnected)?
I can
...
Hello Team,
- For exceptions, do we have to create a rule for each of the module profiles to whitelist the file path?
- Is there any way that we can create only one and have it apply to all other profiles?
Hi everyone!
Customer needs: when all mobile phones are connected to a PC through USB, only data from the phone is allowed to be transferred to the PC, and data from the PC is not allowed to be transferred to the phone, which means the phone is in
...
We have configured checkpoint firewall CEF log forwarding to Cortex XDR. Please provide a sample field for CEF-formatted logs.
Hello, everyone
Does anyone know how to use the SSH command to execute commands to the Broker VM, so that the Broker VM can start the Local Agent Settings service even when it cannot connect to the Palo Alto Cloud Console?
Because we have customers
...
Hi everyone !
I'm a beginner on CORTEX XDR, and need some help for 2 things!
- First, my client wants to know if it's possible to schedule a Malware Scan based on the CPU use. I mean, they have around 500 computers, which are used in so many differen
...