Detection of various open source apps

Hi All,

We want alerts to be triggered for various open-source applications like NodeJS, Nginx, Python, etc.

Kindly let me know how we can achieve this.

Thanks

Sorting out generic website fw rules

Hey everyone,

We are trying to sort out generic firewall alerts that we get as the incidents.

Currently, when there's site blocked that someone browsed through, we get the incident to check for it.

I would like to implement some correlation rule that w

What is /opt/traps/analyzerd/clad?

Hello

We run several Linux Servers with XDR on it.

11 out of those Linux Zoo, we get an Insident of our Monitoring, claiming, that there are double processes running:

3587 /opt/traps/analyzerd/clad -n clad -c 197:requests -- --log-level 7 --max-w

cortex xdr not able to connect to server

hello, 

i'm facing an issue with cortex xdr agent, it's not able not connect to server , protection mode is always disable.

but internet connexion is allowed to this server.

any help please.

BR.

Cortex XDR unmanaged assets search with XQL

Hello Everyone,

I have a following question: Since XDR agents are able to detect unmanaged assets in their network (without Broker VM), how can I get that information via XQL ? 

Any information will be usefully.

Thank you

usb usage

Is there a feature in Cortex that allows us to monitor which endpoints use USB to transfer data?

Access to live terminal with dual control

For legal reasons in our organization we have servers that can only be accessed in administrator mode if another authorized person authorizes access. That is, under no circumstances can a single person get administrator permissions.

Following this po

Folder and File exclusions wildcard question

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-Malware-Security-Profile

The docs says: 

(Optional) Add files and folders to your allow list to exclude them from the examination.

Identifying Endpoints with WSL Installed from Host Insights

Hello all,

is there a way to find all endpoints that have WSL installed on them? Does Host Insights provide this or would I have to run endpoint scripts in order to retrieve this information? If so can someone please provide an examples?

Many thanks

MSI stolen certificate alerts

Today we started to get alerts for all our MSI laptops with the reason: "Behavioral threat detected (rule: msi_stolen_certificate.1)". The alerts trigger on the MSI software installed on the latops, like "MSI center", or "One dragon center".

Are th

PAN NGFW into XDR best practices

Hi there, 

We have have recently started ingesting PAN NGFW logs into XDR, however they're generating a lot of incidents, for now I have excluded - prevented/terminated events, does anyone have any information on best practices, useful ways to use

cortex xdr script

1. any script library on GitHub

2. how to download detailed reports as CSV.

Deploying Cortex XDR via AutoPilot

I've been trying to configure Cortex XDR version 8.0.1.33809 to be deployed when configuring a laptop with autopilot. I downloaded the agent directly from Cortex XDR, configured it with the intune app creator to convert from an .msi file to a .intune