How to find duplicates incidents

Hello! I would like to ask if anyone can help me find duplicate incidents based on key value pairs in Context data?

Parsing rule for tagging data from a specific broker-vm

reminder for subscription renewal

I'd would like to to know if any reminder process is in place for up coming subcription renewals. We had a cortex edr subscription and the subcription didnt generate any warnings (neither visual within the portal nor a via an enail) and silently we

Scan SharePoint Sites or other cloud storage using Cortex

Dear community,

Recently I noticed there are some suspicious files in some of our SharePoint folders. I'm wondering if it's possible to somehow scan SharePoint sites, network shares, or even other cloud storage using Cortex!

BR,

Storage Device Management

We are in the process of blocking USB Storage devices using Cortex XDR. We have the Device Configuration Extension Policy setup with the settings we want. The issue that we have is that it can only be Allowed or Blocked. How can we set to just monito

Broker VM || SYSLOG APPLET

Hi All,

We have deployed broker vm and enabled syslog applet and configured the broker vm ip as remote host in one of our linux server and IBM guardium database activity monitoring tool but we are unable to see the logs in the console.

unkonwn_unkno

Migración de NXS - Broker VM

En mi organización tenemos equipos que no tiene salida directa a internet, y para ello utilizamos Broker VM.

Por temas asociados a Infraestructura, se están migrando servidores de NSX. Desde esa área me comentaron que para realizar esta migración, cl

XQL or API access to Vulnerability Assessments

Is it possible to access the vulnerability assessments via XQL and/or API

I've been tasked with looking at the possiblity of taking the CVE lists from vulnerability assessment and matching them to MS KB. I don't want to be manually running reports

Delete detected infected file

We have malicious file detection on the clients. When they try to execute a task, Cortex blocks the action, but not the malicious file.

Could we have any documentation on how to delete the detected malicious file?

Thanks

How to Identify Endpoints triggering Application Restriction Profile

We have created a restriction profile to block executing an application by specifying the exe path in the file path configuration. This profile has been applied to all our endpoint groups to enforce application blocking globally.
We can view the numbe

Exploits Protection interfering with browser launch

Has anyone ever experienced an issue where, after installing the XDR agent on an endpoint (host), Microsoft Edge could no longer open?

Here’s the situation: one of our customers installed the agent, and afterward, their laptop was unable to launch Ed

Create ticket in external ticketing system when an incident is generated?

I'm trying to figure out if it's possible to have Cortex XDR create a ticket in our ticketing system via Web API when an incident is generated.

I know it's possible to send a slack message when an alert is generated, then use slack to call the API,