Real time compliance of endpoints which goes under disconnected and connection lost state

Hi,

Can we get real time compliance report of endpoints which goes under disconnected and connection lost state at that time only

or can we create any rule by XQL query, when the systems are going in disconnected and connection lost state.

agent not auto upgrading

We're currently encountering problems with some of our endpoints as our agents are not upgrading. Do you have any suggestions on how to resolve this issue? and its support acs signature 

Need to automate ingesting IOCs to Cortex XDR using Microsoft Sentinel or other means

Cortex XDR 

High memory utilization

Hello,

We are experiencing high disk space and high memory utilization on servers .

How to stop endpoint data collection in cortex xdr?

Can we delete data from traps folder?If yes what all files we can delete ?

How can we lower disk space utilization

My "User Login Expiration" settings are not updating

I changed my User Login Expiration settings from 8 to 10 hours to accommodate my workday. After a week it has still not changed. It's small, but bugging me. Has anyone else seen this?

SAML SSO configuration error - JumpCloud (Third-Party IDP Provider)

Hi All,

We have setup SAML SSO but receiving an 'Unauthorized.Error 4014' error.

The following configuration was made:

IDP provider:

Cortex XDR SSO configuration:

Unfortunately we receive the below error:

Would anyone know whats occ

Find Endpoint Serial no

Any option to find the endpoint serial no on cortex console  currently we are using the cortex pro per endpoint

Blocking Powershell Execution

Hi,

Is it possible to block PowerShell execution on all endpoints through CortexXDR, if possible kindly give the process to do the same?

Thanks 

Blocking of Powershell execution

Hello,

We need to block PowerShell executions on the some endpoints.  how can we block Powershell dll files so that PowerShell cannot be loaded.

We have created a BIOC rule and it is flagging legitimate Powershell executions also. Can we exclude

'Failed Connections' alerts detected by XDR Analytics on 9 hosts involving user nt authority\system

Hi we have multiple  failed connections from one host to several local IP

  below cmd was in initiator 

C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc

High RAM usage reaching up to 600 mb on Microsoft Windows Server 2019 Datacenter

We have a amazon EC2 server with 16GB ram, but the cortex agent is consuming more than 500 mb sometimes.

Can any one answer what is the normal ram usage for cortex agent?

version Cortex XDR 7.9.1.26645