Hello Community,
Was wondering whether someone could assit me with an issue.
So at the moment i cannot make any search via the "Query Builder".
When i move to query center and create a custom query i can only return results when i search "dataset = pan_
When running this XQL query if I add event_sub_type to the filter it fails to run
I can run the query without any filters, and then add the event_sub_type column without issues
dataset = xdr_data
| filter event_type = ENUM.FILE and (event_sub_type =
Hello,
Is there any option available to upgrade agent from local agent console? (Eg: If local IT team can upgrade agent from endpoint directly)
Thanks
Hello dear community,
Has anyone build a xql query for this case:
https://www.sentinelone.com/blog/living-off-windows-defender-lockbit-ransomware-sideloads-cobalt-strike-through-microsoft-security-tool/
Should this help?
https://live.paloaltonet
...
I downloaded and setup the Broker VM Virtual machine in Hyper V on a server 2016 computer, I log into the IP address, go through the setup steps, test my connection to the time server, then click register and paste the token from the page I got the V
...
Hi Peeps,
So XQL has this call function to fetch results from a saved query in the query library. Lets take this for example:
call "All appdata executions for the past 30 days"
Now, the problem is that my saved query is waiting for a parameter
...
Hello ,
We are facing an issue where an endpoint will be reflected on XDR console but after some time the same endpoint will not be seen on the console . Somehow it will come again after a while or a day or two. Does anyone know why this might be h
...
Hi. We recently we have acquired a solution to test our systems.
In one of the tests, we have detected that Cortex does not detect attacks, such as using util control with .net injection.
The test machine has created a malware profile with everything l
Hello .
Is there a way to create AMIs to be added to the already existing AMIs which can be deployed to the servers so that Cortex XDR agent gets installed automatically without manual intervention.
Thanks
Hi All,
Is there a way to export all the alert data which appears below Causality chain like network connections, registry changes, etc ?
I don't see any download or export icon on the right-hand side of the pane.
Do we have any other way to e
...
Hello dear live Community!
I found a very interesting link on Twitter and would like to know if there is any detection and/or prevention for this technique?
https://synzack.github.io/Blinding-EDR-On-Windows/
BR
Rob
Hello ,
Is there a way where we can automatically assign an endpoint when its added to XDR based on its name into a specific group or tag
Thanks.
Hi All,
We have started noticing duplicate endpoint entries in the "All Endpoints" section.
After checking all the fields we found that there are different endpoint_ids for the same endpoint name.
What could be the reason behind the creation of thes
We have several Client PCs, Laptops as spare and Client PCs / Laptops on construction sites without internet access that have Cortex XDR installed.
They can only get online in uneven intervals, sometimes several months so they get removed from the te
...
Hi Guys,
Sort of new to XDR does anyone have any good xql queries for detecting assets without cortex agents installed and if the cyserver service has stopped working?
Thanks
