Fine tuning of Incidents
How do we fine-tune similar incidents? We have added the hash and file path of such incidents to the allow list and used the feature to exclude alerts. Still, we see incidents getting triggered.
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing seamless response.
Hello,
Since upgrading our endpoints to version 7.9, we keep getting popups that Windows Defender is blocking some applications, and now our endpoint support personnel are no longer able to make the needed changes to the local firewalls for the user.
...
Does anyone have a template or advice for best practices configuring the host firewall?
I want to block a remote IP which the user has been trying to connect to. How can I block that remote IP? Please let us know the path for it.
Hello Team,
Can you please help us with some of the latest use cases?
And if possible, industry-specific use cases focusing on the finance sector.
Also, how do we fine-tune similar kinds of incidents? We tried to whitelist the exe, but incidents still trigger.
Hello,
Even after installing Cortex XDR on a Linux server, it is not reflecting on the console. We have tried cytool reconnect force, we checked compatibility (it is compatible), and we tried the runtime stop/start command as well.
The services dypd, analyzerd and i
...
What is the difference between canceled scan, pending cancellation and pending scan with respect to endpoint scanning?
None: No scan initiated
Pending: Scan was initiated, waiting for action to reach endpoint
In Progress: Scan is in progress
Success-
Hello,
Could you please help us to understand a few queries related to exceptions:
1. How do we create global exceptions for file paths?
2. Adding exceptions for the files in endpoint scanning module of the profile will only exclude these files
Hello,
We need to add global exceptions on file paths. Currently we have added file paths to the endpoint scanning allow list. So can you confirm, if we exclude them in this scan, does it also apply to other profiles like Portable Executable and DLL Examinat
...
Hello dear community,
What is the size limit for uploading IOC files? Mine is about 90 MB.
BR
Rob
I want to know the maximum number of IOC hash that can be stored in the blocklist of the Cortex XDR Platform.
I want a reply from a Palo Alto official. Thanks.
Hello dear community,
I've read something about uploading IOCs and I would like to know if they also work retrospectively.
How else?
Do I create/upload an IOC and it will only be triggered when this IOC is seen in the future?
Here are some
...
Hello ,
How much disk space should ideally be assigned in the Cortex XDR agent settings for XDR agent logs? By default, Palo Alto seems to have set 5000 MB. Does reducing this space affect the performance of the system or the functionality of Cortex
...
Hello ,
Is there anyone aware of methods to apply and remove tags on multiple endpoints in Cortex XDR without using any filters?
Cortex XDR
If any needed executable is blocked by XDR, previously we used to add that ***.exe to the malware profile. But now we face the issue that a client has connected ClickShare (PC Screen Share) equipment, as it is external equipment connected to U
...