Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! install cortex aarch64

Hello,

we wonder if we can install cortex aarch64 on a raspbian.

Does anyone try that?

Thanks

Resolved! Cortex XDR Pro on Linux Mint

I am having an issue with an installation of XDR on Linux Mint 20.

I found this post with no resolution and one of the comments from @MartinSauer suggests someone else was seeing the same issue.

LIVEcommunity - ERROR:14090086:SSL routines: SSL3_GET_

...

Resolved! What are the capabilities of Cortex XDR without endpoint agents which ingest Logs and data From third EDR like MDE ?

Hello,

I'd like to hear from people who have worked with Cortex XDR without the Cortex XDR agent.

The scenario is as follows:
The machines (workstations and servers) are protected by a third-party EDR solution (e.g. Micrsoft Defender for Endpoint)

...

How to block Otter.ai bot feature through cortex xdr

Hello All,

Otter.ai is the one of the bot feature that automatically join the meetings and there is the no any software for the windows that software available for the mobile only .

Is there any way to block it through cortex XDR.

Thanks in adv

...

Mystic Stealer

Looking for information about Mystic Stealer. Does cortex have any content updates for it yet?

Resolved! Some Cortex XDR events are not displayed in the endpoint client's events tab

Hi,

We recently onboarded Cortex XDR and some of the detections are not displayed in the Cortex client's Events tab. But I can see them in the Cortex XDR console.

As an example I can see Prevented (Blocked) malware in both cloud console and the en

...

How to allow software for specific user

We are going to block the software by hash or process if in the future user requests an exception for a specific endpoint and how to create an exception for one particular endpoint and allow the software

SIEM Wazuh & Cortex XDR agent / Are there known issues running both agents?

Hello dear community!

Has anyone of you some expirience with Cortex XDR agent and Wazuh Agent?

We are discussing to setup wazuh as a SIEM, instead of splunk, Cortex DL, etc.

BR

Rob

Resolved! Clients/Server do not have assigned endpoint group ALERT / CORRELATION / XQL

Hello dear community,

I want to share with you my little XQL script which can identify and alert connected Clients which have no assigned endpoint group.

This can happen:

- Cortex is installed, but the endpoint name does not match the defined c

...

After not using a broker, the endpoints are unable to connect to the server.

Dear community,

I tried to make some agents connect directly to the server without using a broker.

However, it's not able not connect to server.

I referred to the practices of others, and tried executing "cytool reconnect force", but still couldn't

...

Resolved! How to automatically input the password when using the "cytool reconnect" command?

Hi everyone,

I want to run Cytool reconnect on multiple computers,

I tried the following

echo <password>| cytool reconnect force

it works, but still displays "Enter supervisor password:", so you still need to press enter to let it continue r

...

Resolved! XDR Agent auto update behaviour - Terminalserver / temporary session

Hello dear community,

we are running several terminal server (MS Windows) and we would like to now, why these ones (installed with TS_ENABLED=1) do not get upgraded automaticliy, when there is a new agent version available.

BR

Rob

DNS resolution was wrong for Firewall alerts

Dear LIVEcommunity,

Did anyone encounter problem such as hostname does not match with the IP address for alert ingested from NGFW?

This is especially true when come to host that doesn't have Cortex XDR agent installed. Now, if the host cannot insta

...

how to vie cloud identy engine logs on cortex

We successfully implemented the cloud identity engine on-prem and in the cloud, and we enabled the engine on the cortex as well, but we don't know how to view the logs. Could you please tell us where to look for the login logs on the cortex?

Number of incidents per month on cortex XDR

Hello,

Does anyone know how to generate a report of the number of incidents per month on cortex ?

I can only generate for the current month and not for the past months.

Thanks in advance.

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Resolved! install cortex aarch64

Resolved! Cortex XDR Pro on Linux Mint

Resolved! What are the capabilities of Cortex XDR without endpoint agents which ingest Logs and data From third EDR like MDE ?

How to block Otter.ai bot feature through cortex xdr

Mystic Stealer

Resolved! Some Cortex XDR events are not displayed in the endpoint client's events tab

How to allow software for specific user

SIEM Wazuh & Cortex XDR agent / Are there known issues running both agents?

Resolved! Clients/Server do not have assigned endpoint group ALERT / CORRELATION / XQL

After not using a broker, the endpoints are unable to connect to the server.

Resolved! How to automatically input the password when using the "cytool reconnect" command?

Resolved! XDR Agent auto update behaviour - Terminalserver / temporary session

DNS resolution was wrong for Firewall alerts

how to vie cloud identy engine logs on cortex

Number of incidents per month on cortex XDR

Cortex XDR - API Automation

Cortex not allowing specific Bluetooth devices to connect

XDR Agent on CIE server

Regarding the End of Life for Broker VM

Stopped services Cortex 8.9.0.136780

Re: Cortex XDR - API Automation

XDR Agent on CIE server

Re: Exploits Protection interfering with browser launch

Re: Cortex not allowing specific Bluetooth devices to connect

Re: Installing Cortex Agent on Linux LXD

Unlock your full community experience!

Rules and Best Practices

Resolved! install cortex aarch64

Resolved! Cortex XDR Pro on Linux Mint

Resolved! What are the capabilities of Cortex XDR without endpoint agents which ingest Logs and data From third EDR like MDE ?

Resolved! Some Cortex XDR events are not displayed in the endpoint client's events tab

Resolved! Clients/Server do not have assigned endpoint group ALERT / CORRELATION / XQL

Resolved! How to automatically input the password when using the "cytool reconnect" command?

Resolved! XDR Agent auto update behaviour - Terminalserver / temporary session