Ongoing Failure in Correlation Rules? View --> No Failure Reasons found

Hello dear Community, 

does anyone of know, how to check what kind of error this was? My correlation Rules are not showing any error/failure Reason

No management and agent log entry. This error is invisible for us!

BR

Rob

Scheduled report for cortex XDR user details

Hello Team,

Can you help us with the query to schedule a report for the user details in cortex XDR.

using XDR to block older versions of an application

I'm attempting to use XDR to block older versions of an application, and only allow the few latest releases. There are hundreds of older versions of this application so blocking each one by hash is not really an option. Also the application's install

Forensics Addon - Best practise licence and usage

Hello dear community, 

how do we use this addon? 

I had found a article about the forensics addon which said, you can also put this feature to an client/server after the incident etc. happened.

What is the difference between having this addon for all o

Cortex XDR don't alert when using WinPeas.bat

Good morning,
We have noticed that when using LinPEAS on Linux systems, Cortex XDR reacts, blocks and alerts. However, using WinPEAS bat script on Windows systems is not detected by Cortex. However winpeas.exe is blocked immediately. 

For testing purp

Sharing various xql queries

This returns dns queries filtered by the domain name given in the variable.

config case_sensitive = false
| preset = network_story
| filter (dns_resolutions != null)
| arrayexpand dns_resolutions
| alter Resolution_Value = dns_resolutions -> value{

Domain Controller can't connect to the Broker VM for Windows Event Collector

Hi All,

we are facing an Issue with the WEC on the Broker VM. We configured the Domain Controller and enabled the WEC on the Broker VM.

We followed the installation guide which is refered in the Cortex XDR. 

The Domain Controller shows in the log

How to change agent password

Hello,

How to change agent password in cortex XDR for few servers and endpoints not for all the agents.

Regards,

Shashank

How to Troubleshooting

Investigating detected alerts for alerts up in XDR.

I want to know reason detected using support files.

Would you please kindly how to getting detect a reason it.

Check IP reputation through IOC

Hi,

I need to create a XQL or something in Cortex XDR, where I get IP address from O365 logs and check if match with IOCs I have in Cortex XDR.

Could you help

Regards,

Fábio Ferreira

Cortex XDR protection against Double DLL Sideloading

Does Cortex XDR provide protection against the  Double DLL Sideloading to evade detection? 

https://www.bleepingcomputer.com/news/security/hackers-start-using-double-dll-sideloading-to-evade-detection/