The error message is that Cortex XDR requires Azure Code Signing support. See Microsoft KB5022661 for details. The I navigated to https://support.microsoft.com/en-gb/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-fa1e-4ea
...
Is there a greater benefit to enabling the Quarantine setting versus the Block setting across the different modules in the Cortex XDR Malware profile? It is my understanding that both/either will result in the expected protective action (i.e. a poten
...
We want to deploy Cortex XDR agents to our Intune managed mobile phone devices (both ios & android). Is there any guide available to do that?
Hello, I will be using Cortex XDR to scan files in my project (Spring based project) while uploading.
I was searching for a JAVA API which can be used to call Cortex XDR endpoints but couldnt find anything.
Does any one has idea about same ?
Hi all,
The Broker VM lost connection and displayed the warning "API Key Expired" on the XDR console.
I tried to log in to the Broker VM Web UI to re-register the Broker, but I couldn't connect.
When I opened the Broker VM, I encountered this scree
...
Hello,
By checking a specific Analytics BIOC Rule, I see that it has created several alerts in the past. Some of these alerts have been associated to an incident id. These incidents contain only that specific alert and no insights.
Why the specific
...
Hi,
I excluded an alert from an incident.
But i am not able to see that exclusion being created under Settings > Exceptions Configuration > Alert Exclusions.
May i know why?
Kindly help.
@mcooley
Thanks,
Nithin
We have a security camera server that's been throwing out low memory resource messages and the company that provides the software claims that Cortex XDR endpoint client is causing memory leaks. There are no incidents being triggered by this server a
...
From few days getting the alerts under the "Masquerading" alert name. when we analyzed we observed there is a .exe file creation in the sysmon folder with the long string "C:\Sysmon\2BE609177094318EA49602B566942D95E6C81494161F8EC8A3AA6AE26FFCDD14F8F5
...
Dear Team,
I have a cortex xdr 7.5.3.60113 cannot uninstall.
all service has been disable. somehow, i uninstall it untill 99%. it will rollback.
Could you please advise how to uninstall it completely or any uninstall cleaner can provide? thank you.
B
...
Hey all,
Does anyone have experience with turning auto quarantine on?
I don't see much documentation on it but I'm assuming its as simple as quarantining the files associated with Wildfire verdicts.
We're looking to set up recurring malware scans
...
Dear LIVEcommunity,
I've been wondering about using XQL query to locate locked AD accounts. Been looking at the dataset "msft_azure_ad_raw" which contained Azure AD Authentication Logs and have no success so far. FYI, We also ingest data via Cloud
...
Hi,
Is it possible to find computers which have specific registry key set to particular value using Cortex XDR? I'm not looking for registry modification just for existence. If so, could you tell me how to do this please?
Hello dear community,
If we choose to gather forensic artefacts from a WEC, which event logs will be forwarded? Only the one of the machine or all the collected logs from the forwarders?
BR
Rob
Hello everyone,
Over the last two months we are having constant issues with Cortex and Kandji playing nice together. Before that everything was working without any issue for at least half a year, if not longer.
What happens is the following: Kandji g
...
reaper
on:
block powershell but allow only specific powershell script
