Resolved! Host Field is not listed - Cortex XDR Prevent
Greetings ,
So if there is a alert/incident and no 'Host' listed , anyway to find it ? What other approach can be used if Hostname cannot be found for some reason . Thanks in advance
Discussions
Resolved! Which alerts/incidents need attention ,monitoring , review and response ? How to filter ?
We are in process of moving from Traps 4.x to Cortex XDR Prevent . As we are onboarding endpoints we are seeing alerts generated in our Dashboard . So alerts are clubbed as Incidents . So as we onboard endpoints the number of Incidents is increasing
...Resolved! Cortex XDR black screen after windows login
We have about 8 Windows 10 computers that have Cortex XDR installed. When the user can login but Windows only displays a black screen, you can bring up the task manager with Ctrl+Shift+Esc. I have tried to stop and restart explorer.exe but not luck
...False positive detection
I'm representing a productivity management software manufacturer and I'm sumbitting this request to report that our software is being flagged as malware, but this result is a false positive. Please, can you help us?
- File HASH: 8475477dd7cdb0493e2d5d
Usercentric.Exe on MS Teams
Hi,
There are recent articles on MS Teams security incident. Attackers attach usercentric.exe files to Teams chats to install a Trojan on the end-user's computer. This Trojan is then used to install malware that self-administers the computer.
Does Co
...Cortex XDR Delete Malware
Hello
i see alert malware in incident report . how i can delete malware from Cortex XDR admin portal.
Agent version 7.0.2
Resolved! Log360 Syslog
I'm trying to connect Cortex XDR to my Syslog server which is Log360. I have a public IP NATed to the internal server and have opened the firewall to our tenant IPs.
The test message sends from the Cortex end but at the moment I can see nothing in Log
...XDR external syslog encryption
Hi all,
Im trying to set up encrypted communication to a syslog server from the XDR using a self signed certificate.
However I cant seem to get it to work - the XDR says that no connection is available.
I should note that without the certificate, on reg
...Resolved! Understanding xdr licensing
I am reviewing my organizations XDR licenses and noticed that the dashboard seems to be reporting an inaccurate amount of licenses used. We only have 146 endpoints in our environment. We have approximately 125 non-persistent VDI workstations. However
...Resolved! Cortex XDR and windows Install folder
Hello,
we started to have Cortex XDR alerts for *.tmp files, which refer to the C:\Windows\Install folder.
e.g. C:\Windows\Installer\MSI53B1.tmp
Wildfire report says its Malware based probably on the:
Attempted to sleep for a long period | Medium
Ma...
cyvrlpc.sys caused a bugcheck (BSOD) on Server 2012 R2
We use Cortex XDR 7.5.x and unexpectedly we have at least 1 system which faulted the whole OS and it rebooted due to a bugcheck, blue screen of death. After debugging the minidump file, it indicates that cyvrlpc.sys caused this BSOD.
Why would this h
...Dynamic endpoint groups using OUs stored in Azure AD
Hi all,
My question is if there is any way to synchronize the OUs stored in an Azure AD into the cortex XDR pro to then create dynamic Endpoint Groups using that OUs. The synchronization between Cortex and Azure is successfull but I can't see any OU.
...Cortex XDR Exclusions vs Exceptions
Hello all,
Exclusions versus Exceptions, why is excluding an alert so much easier than creating an exception when it should be the opposite?
According to Palo Alto, "If you do not want Cortex XDR to display alerts that match certain criteria, you ca
...Searching Endpoints
If I want to search all endpoints for foobar.txt in XQL what would that look like? I've tried to search for the hash
dataset = endpoints
| filter sha256() = "90be1c2c0fc5c36b3e10dcd89a8cda61462cb420a043a5759a7e1e3bba3eee38"
The file path and neither s
...Different process exception on Exception Profile and Folder Allow List on Malware profile
Hi Expert,
Please give me advice, So I have assesment for exclusion folder and file .exe and file etc extension.
The asessment from Sophos for agent existing my customer.
The example exclusion files like a below :
C:\Windows\System32\backgroundTaskHos
...
Copyright 2007 - 2022 - Palo Alto Networks
