Pull data from  XDR through API

Is there a limit to pull data from  XDR through API?

I understand that query through API has limit but what if we are pulling endpoint information/alerts/incidents through it?

Endpoint tags on Cortex XDR

Hello,

In alerts, we are observing the endpoint tags and groups are being represented as numerical values. Why is this happening? 

Full path not always available for mouse capture

Good morning.  The provided image is a screencap which appears when I select a single Result in an Incident.  Notice that I used the mouse to select the entirety of the path which appears in the browser, while the hover shows that there's much more p

export/view information about Windows endpoints missing with KB

Hi,

I'd like to know how I can export/view information about Windows endpoints that do not apply with specific KB by specific ENDPOINT GROUPS. I can only filter by CVES or ENDPOINTS from the Vulnerability Assessment but not with KBs.

My second ques

Artifacts Query

Assume alert has been generated in the XDR, if the IP involved in the artifacts are raised as malicious or suspicious by some of the security vendors in the VT(virus total) or shown as malware by wildfire. Is that really the IP is suspicious? Please

Source IP Restriction Cortex XDR APP affects API Communication?

Hello dear Community,

Does the source IP restriction in the security App settings affect the API communication?

BR

Rob 

File lookup

Is it possible to check if a file is present on any system in network through Cortex XDR based on file name or the hash value of the file.

Endpoints not showing on console

Hi, 

Cortex XDR is installed on the client's endpoints but it is not visible on our console, what could be the possible reason behind this?

Thanks

Compatibility of Linux OS on Cortex XDR

Hello,

Can you please help us in knowing if  Linux AIX, Solaris, and Power Linux compatible with Cortex XDR?

If yes what all versions of there is supported.

xdr_data dataset only returns nulls

Any idea why this might be happening?

I am expecting to see data from my Cisco ASA firewalls, XDR Agents and hopefully some causality/actor information.  I only get Nulls.

Alerts on Cortex XDR Console

Hello,

What is the importance of alerts in cortex XDR? Do we need to work on all the alerts, as we get overwhelmed by the number of alerts.

What is the best practice to fine-tune the alerts so that no important alerts are missed.Is there any document

Weekly Scans in XDR

Hello,

Can we know the drawbacks of performing weekly scans on all endpoints in XDR. Why is it not recommended to perform weekly scan on all endpoints?