Blocking connections to malicious IP address?

Hello, 

I have a question. I have Cortex XDR agents installed on my endpoints. I just recently also installed Forti Analyzer and it detected some potential malicious IP addresses that my endpoints have connections to. I wonder why Cortex XDR cannot

Need help with BruteForce XQL query

Hi i am trying to craft a query for bruteforce based on 30min timeframe with threshold of more than 5 failed login attempts. But i am having trouble figuring out how to configure the logs for a 7 Days monitoring.

Please kindly help me refine the qu

Cortex XDR Installation Error

I am trying to install Cortex XDR in Windows 10, but I'm getting the following error: I tried different versions as well. Could anyone please provide guidance on this?

Thumb drive auto-scan

Can we force XDR to scan a USB drive when it is connected to a PC with the agent installed? Using XDR Pro.

path exclusion for scans do not work

Hello to all,

I am experiencing a problem on a machine where scans are pushing the overall CPU load to 100% for several minutes to several hours and only slowly decreasing.

This causes problems for the use of the Syngo.Via software installed on thi

CIE integration

In case of hybrid environment,Can we send data to CIE instance from both Azure AD as well as on-prem AD as it supports both.

Or it is enough if we send data only from on-prem AD alone.

XDR Shadow Copy use case

Could someone please share any related documents or use cases for the Shadow Copy in XDR? We have gone through the Administrative guide, but we were unable to find many details about how it works. Additionally, we would like to know how we can backup

E-Mail Notifications or Alert triggering only im specific time ranges

Hello dear community, 

we need to trigger alerts only in specific time ranges. Like only at weekend or weekdays from 5 in the evening until 6 in the morning. 

In the working hours it is possible admins with the identity of the user are triggering a

Dynamic endpoint groups using OUs stored in Azure AD

Hi all,

My question is if there is any way to synchronize the OUs stored in an Azure AD into the cortex XDR pro to then create dynamic Endpoint Groups using that OUs. The synchronization between Cortex and Azure is successfull but I can't see any OU.

BrokerVM FQDN configuration impacts?

Hello, 

Regarding BrokerVM FQDN configuration the docs & BrokerVM  configuration page states:
"The Broker VM FQDN settings affect the WEC and Agent Installer and Content Caching."

How does it exactly impact the Agent Installer?

Cortex XDR 

Windows 10 , 2 Clients won't start from Testgroup of 5 Clients after Update Cortex XDR 8.3.1 to 8.4.1

Hi,

I have arequest. We were informed to upgrade to Cortex XDR 8.4.1.

In our Testgroup of 5 Clients, 2 Clients aren't working anymore.

Windows 10 , 2 Clients won't start after Update Cortex XDR 8.3.1 to 8.4.1

3 Clients with Windowss 10 are still

Change Management Server for offline agents

Dear XDR gurus,

We want to change the management server from an old tenant to a new tenant, it is simple for the agents are online by selecting the agent, Alt+Right click and select change management server.

However, it is possible  a way to change m

Material for PSE Cortex Professional certification

Hi all,

Have any of you obtained the PSE - Cortex Professional certification? If so, what material did you use? Is the study guide sufficient?

Thanks