Searching for multiple hashes on cortex XDR

Does anyone know a way to search for multiple hashes on Cortex XDR?

file_search = existing_files does not allow any operators other than "=" for the sha values and you can't string multiple in a query. 

I feel like I'm missing something and there sho

Confirmed issues with some identity threat modules and risk management dashboard

Hello everyone!

Recently, I have been learning about the Identity Analytics feature in Cortex XDR.

After enabling Identity Analytics, I found that not every tenant presents the same interface.

I found that the following UI features are not identica

Changing cortex installation directory in Linux

Hi All,

Need some help!

We have a Linux instance where the opt/ folder size is 2 GB and the recommended disk quota by Cortex is 5 GB. We can not resize it.

Do anyone know if there is a way to change the installation directory of Cortex from /opt to

Detection of various open source apps

Hi All,

We want alerts to be triggered for various open-source applications like NodeJS, Nginx, Python, etc.

Kindly let me know how we can achieve this.

Thanks

Sorting out generic website fw rules

Hey everyone,

We are trying to sort out generic firewall alerts that we get as the incidents.

Currently, when there's site blocked that someone browsed through, we get the incident to check for it.

I would like to implement some correlation rule that w

What is /opt/traps/analyzerd/clad?

Hello

We run several Linux Servers with XDR on it.

11 out of those Linux Zoo, we get an Insident of our Monitoring, claiming, that there are double processes running:

3587 /opt/traps/analyzerd/clad -n clad -c 197:requests -- --log-level 7 --max-w

cortex xdr not able to connect to server

hello, 

i'm facing an issue with cortex xdr agent, it's not able not connect to server , protection mode is always disable.

but internet connexion is allowed to this server.

any help please.

BR.

Cortex XDR unmanaged assets search with XQL

Hello Everyone,

I have a following question: Since XDR agents are able to detect unmanaged assets in their network (without Broker VM), how can I get that information via XQL ? 

Any information will be usefully.

Thank you

usb usage

Is there a feature in Cortex that allows us to monitor which endpoints use USB to transfer data?

Access to live terminal with dual control

For legal reasons in our organization we have servers that can only be accessed in administrator mode if another authorized person authorizes access. That is, under no circumstances can a single person get administrator permissions.

Following this po

Folder and File exclusions wildcard question

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-Malware-Security-Profile

The docs says: 

(Optional) Add files and folders to your allow list to exclude them from the examination.

Identifying Endpoints with WSL Installed from Host Insights

Hello all,

is there a way to find all endpoints that have WSL installed on them? Does Host Insights provide this or would I have to run endpoint scripts in order to retrieve this information? If so can someone please provide an examples?

Many thanks