Hello.
In XDR Broker VM i enable proxy server and configure as follows:
Type:HTTP
Address: 192.168.6.167
Port: 8080
But it is not work and in configuration status i see "in progress" even through 3-4 hours.
I want to know if is there anybody who configur
...
Hello,
We want to uninstall an agent from MacOS, but we do not have the admin password. And we can't reset the password because the tenant was deleted it. So the agent does not have administration from web console.
I try with "Passowrd1", it doesn't
...
We are in the process of updating our endpoint XDR agents from 7.2 to 7.3.1. We are testing on a small pilot group and finding that scripts and executables that we previously ran are now being blocked. Granted some these scripts are stopping and st
...
Hello!
My question is about Windows Event Collector.
Why we need Windows Event Collector? Don't XDR Agents collects all needed information from Windows endpoints? Can Windows Event Collector give us useful information than Agents?
We have some systems that are locked-down with software that prevents modifications to files/directories, and I'm wondering what are the paths that Cortex needs to be able to modify? For example, when it downloads the latest definitions, what does it
...
Join our AMA session on 5/4 from 8 AM - 10 AM PST and get answers to your questions about Alerts for Cortex XDR!
For details, please review this article.
To participate in this event, please join the discussion.
We can't wait to guide your Cortex
...
why? When installing the cortex XDR agent on redhat, a user "cortexuser" is created, what it does and what privileges this user has. Is it necessary for cortex execution?
DTRH: Finding New XQL Fields and Joining Data
I was trying to look at some user login information through XQL and I started poking around the different fields that were being returned. I began one of the user login sample queries available in the q
...
Dears
Is there any tutorial how to install Cortex XDR in AWS elastic beanstalk server?
Thanks
Hi community,
Does anyone know how to create dynamic group using define alphabet in the endpoint name.
For example, my endpoints name is ABCP7ABC. I want to create a dynamic group just showing endpoints that have P7 after the first 3 character and not
...
Hi Everyone:
Does anyone know where I can find Behavioral Threat Protection (BTP) rules?
For example, a behavioral threat is detected (rule: pp.epm_for_malware_behavior_j01)
or Behavior threat detected (rule: bioc.pp.ransom_prevention_final)
What do thes
...
Hi All,
We need to upgrade the cortex agent from version 7.1 to 7.3 via console. My concern is how can we exclude a certain range of endpoints (Suppose we have 5000 endpoints and we want to exclude 800 endpoints) from upgrading.
I have created an end
...
Hello, I regularly reinstall my endpoints. This creates duplicates for me and it's difficult to locate all the duplicates. Is there a query to see all endpoints as duplicates?
Hello.
I can not see any logs in my Cortex Data Lake. Also when i go to Explorer app in Hub it is empty. Firewall Logs is also seem empty( I forward logs to Data Lake with Broker VM from Fortigate). Can anybody explain me this situation?
NOTE: I
...
Hi,
We have been asked to whitelist a specified folder in order to disable any kind of real-time checks and analysis made by Cortex XDR.
So, we added the aforementioned folder in the allow lists of "Portable Executable and DLL Examination" and "Behav
...
