Detect user who moved a folder using XDR and XQL

Hi everyone,

I need help identifying which user moved a specific folder from a network share to another location. The only information I currently have is:

• The old folder path (e.g., \\server\share\oldfolder)
• The new folder path (e.g., \\server\users\

Cortex XDR "The target location already contains a file named" problem

Hi, 

I have a problem after installing the XDR Cortex agent.

Windows 10,11. When trying to copy any file to the network share (Synology), which was created on the workstation after the agent installation, I receive the message "The destination alread

Full disk access requirement on macos agent

Hi team

A couple of questions here:

1) Is full disk access required for agents running on macOS Sonoma and Sequoia?

2) What is the meaning of "Requires full disk access: False" in the "cytool status" output? (screenshot attached)
The endpoint we

HELP With XQL Query to fetch All Assets

Hello Everyone, 
I want to fetch all assets from asset inventory using XQL query but I am unable to find a suitable dataset for it. Can someone please help with XQL Query to fetch all the assets. 

Thank you 

Cortex XDR 

Excluding Pentera Box

I am looking to make an exclusion or suppression of some sort for alerts generated by our Pentera Security Validation Tool. I have a SSL certificate loaded into Pentera so I can filter by that certificate if I can. However for the Vulnerability Scans

Configuring Exceptions for Different Modules

Hello guys

I need to add exceptions for Windows HyperV servers.... and I have 2 questions:

Question 1

I need to add exceptions base on extensions...*.bin, *.vhdx, *.avhd.... etc, and exceptions base on process for instance Vmms.exe, VMwp.exe...

Problems updating the agent

Hello colleagues!

I'm having trouble updating my agents to versions 8.7 and 8.8. The current versions are 8.5 and 8.6.

When performing the update, the following error appears:

"The content package was faulty or could not be downloaded."

Check

content update issues on XDR 7.9CE

Hi everyone. 

Have anyone had issues with 7.9CE version about the content updates? I mean, the agents are not downloading the  CUs. I even tried to install the agent on a win 7 VM and it installs indeed but doesn't download content updates. It is w

User Message on IOC trigger

Hi,

We have enabled user notifications in agent profile settings, when an event like malware detection occurs it is displayed to the user immediately. However, it does not show a notification for an IOC. Can we make a message appear for an IOC even

Toutrial: Detecting Tor Traffic in XSIAM

Hi Everyone, 

Some members in the community have recently been exploring ways to detect Tor traffic within their environments. I’ve spent some time working on a solution to this challenge, and I wanted to turn that work into a dedicated post so mor

Find USB mounted storage devices on Windows and macOS

Hi All, looking for some help here. We've been using a query a colleague wrote to find computers with USB's mounted. 

This is the query: 

// Description: Show drive mount activity

dataset = xdr_data

| filter event_type = ENUM.MOUNT

| alter mount_po

Repeated False Incidents with Unknown Verdicts

Hi everyone,

I’m currently facing an issue with Cortex XDR where I regularly receive incidents flagged as suspicious,

This particular one shows:

• WF (WildFire) Verdict: Unknown

• VT (VirusTotal): 0/64 detections

Every week, I keep seeing similar in