Resolved! Serial Number of endpoints
Hi All,
Does the Cortex XDR agent fetches endpoint serial number ?
If yes, where I can find it in the XDR console(Under which field).
Thanks in advance !!
Discussions
Resolved! Alerts retention duration in Cortex XDR
Hi !
Does anyone know how long alerts/incidents will be visible in Cortex XDR ?
In our tenant we have alerts older than 1 year and I was wondering if they disappear after some time or if they will be accessible forever but I can't find this informati
...XDR allwoing blocked files to run
Hello,
Even though we have added the file hash to the BLOCK LIST, XDR still alllows the process to run. Does someone know the reason for why this is occuring.
Action_File_Size for event_sub_type Create
When running a query for Files
The file size when the sub type is "create" is always 0
When sub_type is "open" it does show the correct file size
Is the file size not available during a create event?
Resolved! Create report that shows new incidents based on a specific Incident Source
Hey!
We have different teams looking at different incident sources.
Is there a way to report a widget or report that displays new incidents coming in for a specific Incident Source?
Example:
Only XDR Analytic BIOC alerts would show up in this f
...
XQL query for hunting MS-DFSNM
Hello dear community,
has anyone of you a XQL Query for this type of attack?
https://www.bleepingcomputer.com/news/microsoft/new-dfscoerce-ntlm-relay-attack-allows-windows-domain-takeover/
BR
Rob
Can Cortex XDR proactively log Global Protect client debug?
We have several hundred Global Protect users using Auto VPN. It would be nice to
see their global protect logs, ipconfig /all, netstat -rn information before calling them
back on a filed ticket. Can Cortex collect these logs on a regular basis without
...Blocking executions without showing any alerts
Hello , is there any way in cortex XDR to block executions without whitelisting/blocking the hash/file path and not get
any incident or alert and at the same time.
Resolved! Not see any information on Host Insights
Hi,
I turn on the Host Insights free trial and not see any information on Host Insights,
when i did that to other customers ther all working well but at this one its not working, what is the problem?
i did calculated again, i turn that on week ago.
Broker VM questions - Tenant switch for agent
Hello
Please share any experience or advice for below situation and how best to approach this .
Currently agents are connected to UK Cortex XDR tenant via a Broker VM installed on premise . Now the need is to use EU Cortex XDR tenant ,this will
...Security Test / poor result
Hello dear Community!
Does this result reflect the strenght of PA Cortex XDR?
https://papers.vx-underground.org/papers/Malware%20Defense/AV%20Tech/An%20Empirical%20Assessment%20of%20Endpoint%20Security%20Systems%20Against%20Advanced%20Persistent%2
...Adding a list when applying a filter
Is there a way to take a list and apply as a filter, without adding each one separately
For example, below pasting in a list of endpoint names. instead of typing each one individually
Correlation Rule for services
Is it possible to create a correlation rule to identify when new services are present on an endpoint
For example,
Create a correlation rule ,using a query that returns all services on an endpoint, that creates a new data set of the results..say there a
...Resolved! Move newly installed agents(hosts) to a specific endpoint group automatically without admin intervention
Hi All,
We are trying to move around 2000+ hosts to cortex XDR. We have started installing agents in a phase-wise approach not all at once.
Also, have created a specific endpoint group with customized prevention policies.
Now the problem is that the a
...
- nsinghvirk on: Cortex XDR _USB Blocking Levels
- RFeyertag on: Cortex XDR Latest Version - SQL Server Performance Issues
-
reaper
on:
block powershell but allow only specific powershell script
- aspatil on: Exception with Windows Environment Variable
- aspatil on: XQL query for cloud assets
- jtalton on: XDR Usecase Creation | XDR Rule
- jtalton on: Reg: Display Callouts for Cortex XDR graph
- RashidAfandiyev on: Cortex XDR - Endpoint Group changes notification contain problem
- jtalton on: Constant Cortex XDR Agent upgrades
- nsinghvirk on: Need the details regarding Cortex XDR agent traffic to internet or broker VM
