Cortex XDR Discussions

Security Channel Subscription Errors

Team,

While trying to collect logs from windows, one channel that is consistently resulting in errors is security channel. Systems and Applications work just fine eliminating any possibility connectivity or authentication issues. It is the security c

Cortex XDR Query for USB/External Drive Usage

Hi Family 

Good morning.

I am trying to filter the timeframe when a user last connected a USB flash drive or external hard drive using a Cortex XDR query. However, the following query did not return the expected results:

Issues with Mass Uninstallation of Cortex XDR Agents via SCCM

Cortex XDR sometimes have these stubborn machines that refuse to upgrade to the latest versions.

what are ways you use to alleviate this issue? Mine is SCCM.

I am trying to automate the mass uninstallation of older versions of Cortex XDR agents via SC

query to pull specific hosts for successful logins

Hello,

I'm using a canned library query called "Successful Windows Logins" This is a great query but how can I modify it so that its only looking at specific hosts vs all hosts? I can't figure out how to edit this. Can anyone help?

How to (temporarily) disable security in Cortex XDR to be able to update the client from outside the Console

Hello team,

We need to know how to disable (temporarily) the security in Cortex XDR to be able to update the client from outside the Console.

The updates from the console are causing us blue screens and we want to test it using scripts when shutting

How much resource consumed by XDR agent

Hello, 

Just wondering how much resource (CPU, Memory, Bandwidth) will be consumed on Windows agent normally? 

what is the  bandwidth requirement per 1000 agents? Defference with or without brokervm? 
Thanks,

SdG

Cortex XDR 

Cortex host insight Vulnerability Assessment average severity score

trying to find XQL query that will take all of our severity scores and give us a average and send that to report. I cant seem find the dataset 

Not very good with XQL at this time. maybe someone from the community can help

dataset = host_inventory
|

XQL query time setting

Hi!

I want to make a report that generates every month and it contains the previous month's data. My problem is that i cannot make it to be created on the first day of the month. So I tried to make the XQL query to work with the previous month's data

Temporary Session installation type

We have a large Citrix farm with session hosts and non-persistent servers. We are using the TS_ENABLED=1 switch when installing the agent but the console is showing standard installation and not Temporary session. 

I am trying to figure out what th

File retrieval in user context

Hello,

Is it possible to retrieve a file which is only accessible in user's context? I have an incident which user opened a file from a network mapped drive. That drive might not be accessible by anyone except for the user.

Which user context is us

XDR Collector DNS

Does anyone know if there is a native DNS collector, similar to the DHCP Collector Agent, for Cortex XDR ? My goal is to enrich XDR with more DNS-related information.