also how to get visibility into the browser extensions used through Cortex XDR ?
There is one Top 10 Incidents widget provided in Dashboard builder which provides list of top incidents in last 24 hrs only, can anyone help me how to get data for last 30 days. Cortex XDR
Hi,
I need to create a brute force rule.
When endpoints with tag "CRITICAL" has "action_evtlog_description = An account failed to log on" and has more than 50 logs, create a CRITICAL alert.
Could you help pls.
Regards,
Hello -
On step 16 of Add a New Malware Security Profile (Prevent), there is a note:
We recommend that you disable scheduled scanning. VDI machine scans are based on the golden image and additional files will be examined upon execution.
I'm assum
...
Hello Team,
Hi,
I need to get failed logins from critical assets.
So I was trying to get tag "CRITICAL" in endpoints dataset and if there are any "event_type = ENUM.EVENT_LOG and action_evtlog_event_id = 4625 in xdr_data dataset.
Could you help pls
We are facing trouble installing Cortex xdr on one of the LInux server nor able to geenrate logs.
Attaching error picture for reference.
Hello,
There is an issue with one of the BIOC rules provided by Palo Alto. Specifically in the rule with Global ID "94fed992-c1da-4b69-9caa-292221b8c070".
The wildcards for the command line arguments that this rule intents to detect, are off. To be p
...
Hello,
I'm trying to connect an integration with our Cortex XDR for retrieving a file and its details. The only endpoint I see in the API docs that reference this action is the File Retrieval Details which uses the group_action_id from a different
...
There is a PowerShell script that we would like to use within XDR. I understand that XDR currently is not able to run PowerShell scripts, the problem is I am not a coder. I have been trying to learn how to convert our script to Python but I am just a
...
Hello dear Community!
We habe seen, the updgrade on 7.9.1.26645 or a following policy update changed something on our server with DB and Application.
Our application (DB on the same machine) is much slower, than before 07.03. Every step takes n
...
Hello dear community,
I know now, if you have less licences than installed agents, somehow they are degraded to Prevent.
Can we see somewhere which one is degraded to Prevent version?
How is degrading happen and where can I see it?
BR
Rob
We are trying to find out ASN number, Organization Name, Location, City, Country for public IPs. Below is our query just in case:
Note: The query which we ran is applied on interface which are receiving public facing IPs. We filtered that part of t
...
Is it possible to group alerts which are not part of incident ?
Regards,
Shashank
