Hi community,
Wondering if anyone else is seeing BT alerts for sdiagnhost.exe appearing over the last 24 hours? We have had similar things occur in the past due to over excited signature updates cause false positives.
This process is one that MSDT
...
Hello dear community,
you know how to handle this svchost.exe without signature? In my opinion it is FP, but why?
Isn't it possible for the cortex agent to read the signature from svchost.exe in this case?
I tweaked the alert and gave it m
...
Hello dear community,
in my mount tests I could find out following:
- if you mount the same file name 2 times with different file data inside the iso, the alert isn't created because the file isn't beeing created. I think the recent folder is no
...
Hello dear community,
how can I find out with Cortex XDR PRO (non per TB, non connected Firewall, etc.), which data was uploaded in this example? Has anyone an idea or script to do so?
BR
Rob
Hello dear community,
what is the best way to setup a query for bioc to get an alert. Maybe correlation rule is a better place for my project?
It should alert, when a XLL File was written or read or deleted.
Should I setup a specific file location
...
