Please help with, Cortex XDR query to efficiently filter incidents with high and medium severity with artifact.

Hi Family , 

Please provide a Cortex XDR  query to efficiently filter incidents with high and medium severity, including artifacts, dates, endpoint names, and IP addresses.

Cortex XDR 

regards 

We config WEC in broker vm in that we followed every confi but we rea getting below erro

19/01/2024 11:31:34            209 Information      The Winrm service started successfully
19/01/2024 11:31:34            208 Information      The Winrm service is starting
19/01/2024 11:31:33            212 Information      The Winrm service was stopp

Data Ingestion License Violation

After our Cortex XDR tenant was upgraded to 3.9 we started receiving the following error: "License Violation warning Based on a 7 day average calculation from February 24th 2024 to March 1st 2024, your daily ingestion quota is exceeded."

Looking at

Mobile iOS install with InTune

Hey everyone,

Is there a way to bypass the onboarding wizard screens that you see when setting up the app and just configure it with Intune? If not, we'll have to manually walk through these settings on potentially thousands of devices.

Create a ".bat" file for installing XDR on Windows machines

Dear Team,

The customer is trying to deploy the XDR agent on multiple Windows devices through the SCCM tool, but first, he wants to create a .bat file format of the agent to push installation through the centralized tool.

Can anyone help me on ho

Cortex Xdr is capable DLP?

Hi
I have a doubt about cortex-XDR. That is, my entity was implemented in cortex-XDR, but I have to know if XDR has a capability with DLP. Can I use XDR for DLP?

Regards,

Salivan

XDR Capability

Hi All,

Does XDR have below capabilities - 

• Network traffic analysis
• Digital Forensic capability

I know it has DF with the pro license, just wanted to know more about it also can we just click on it an enable it on the license page or does it requi

How to use XQL to search for cloud inventory assets?

Does anyone knows which is the dataset for cloud inventory?
I cant seem to find the dataset meant for cloud inventory specifically for AWS.

Does anyone know if this is even available for xql searches?

Also, I cant seem to have asset widget for manag

XQL to detect the ScreenConnect Client in response to CVE-2024-1709 and CVE-2024-1708

On February 19th ConnectWise released a security bulletin and update for their ScreenConnect software.  https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8
On February 20th ConnectWise announced that exploitat

Cortex XDR 8.2.0 and 8.2.1 Threat Alerts QRadar DSM Not Mapping in QRadar

We have Cortex XDR 8.2.0 and 8.2.1 agents (with plans to upgrade to 8.3.0) and the threat alert logs sent to QRadar are no longer categorized properly.  The events are categorized by QRadar as "unknown".  Are there any plans to update the DSM Cortex

Issue with Cortex XDR Windows Portable Device Policy Not Working

Hi community,

We have assigned the Windows Portable Device block policy to some endpoints. However, we have observed that USBs are still accessible on those machines.

For future troubleshooting, we need to verify whether the policy is correctly a

XQL newbie

Hello everyone.

We recently upgraded to Pro and this XQL stuff looks like an entirely different language to me still. I need some help if possible in getting started.

I'm looking to build two queries.

1) I need to go through our AD infrastructure (