Detect where a process has been killed

We have a scenario where users are able to kill a certain process to bypass security.

How can we leverage XDR to detect where the specific process name has been killed and, ideally, prevent it?

I thought maybe an IOC or BIOC but the IOC doesn't seem

Cortex XDR service getting stoppage on machines

why the Monitoring agent service getting stopped on Hosts. When we checked the logs of some machines we got this error " XDR service cyserver was stopped on ABCDdesktop. Could you please explain 

cortex xdr agent causing noticable heating on endpoints

Hi all, 

has anyone encountered a heating issue on endpoints with XDR installed? My IT team tells me that a lot of users in the organisation are complaining about their endpoints heating up after the XDR was installed, both on mac and windows. I'd li

Compliance Process

Hello,

What are the services/features which should be running by Cortex XDR for compliance.

Also, is XDR in high availability(HA) mode? If yes can you suggest where we can see this 

Query related to FQDN

Can you please help how can we configure FQDN for production and DR broker VM servers in the Domain controllers?

Compliance Processes for Cortex XDR

Hi Team,

Our internal team is going to enable the feature “Secure Compliance Check” for end users who are working from home. They have enabled feature for other AV solution. Also we want to add the service for "Cortex XDR". There are multiple servi

Learning Behaviour of Cortex XDR

Hello,

We know that cortex XDR takes atleast one month to learn behaviour and then not throw similar alerts.

1. On what basis is this behaviour learning happening upon?

2. Is it based on just the Host or initiator processes that are taking place?

3

Can someone give an example of get_endpoint that works?

I tried 

$payload = '{"request_data" : {"search_from" : 0,"sort" : {"field" : "last_seen","keyword" : "desc"},"filters" : [ {"field" : "endpoint_id","value" : [ "connected", "connected" ], "operator" : "lte"}, {"field" : "endpoint_id","value" : [ "co

Pull data from XDR through API

Hello,

Is there a limit to pull data from  XDR through API?

I understand that query through API has limit but what if we are pulling endpoint information/alerts/incidents through it?

Agent Cleaner

Hello,

Where can I find the agent cleaner file for agents(servers and workstations) running on 7.7 agent version ?

Cortex XDR quarantined Chrome

Anyone else running into this today?

Prevention Information:
Prevention date: Wednesday, February 8, 2023
Prevention time: 1:36:40 PM
OS version: 10.0.22621
Component: Hash Control
Cortex XDR code: C0400055
Prevention description: Suspicious executable

How to Install and Uninstall Cortex XDR?

Hello,

Can you please help with documentation or steps on how to uninstall and install Cortex XDR in servers and workstations?