Cortex XDR Discussions

How to (temporarily) disable security in Cortex XDR to be able to update the client from outside the Console

Hello team,

We need to know how to disable (temporarily) the security in Cortex XDR to be able to update the client from outside the Console.

The updates from the console are causing us blue screens and we want to test it using scripts when shutting

How much resource consumed by XDR agent

Hello, 

Just wondering how much resource (CPU, Memory, Bandwidth) will be consumed on Windows agent normally? 

what is the  bandwidth requirement per 1000 agents? Defference with or without brokervm? 
Thanks,

SdG

Cortex XDR 

Cortex host insight Vulnerability Assessment average severity score

trying to find XQL query that will take all of our severity scores and give us a average and send that to report. I cant seem find the dataset 

Not very good with XQL at this time. maybe someone from the community can help

dataset = host_inventory
|

XQL query time setting

Hi!

I want to make a report that generates every month and it contains the previous month's data. My problem is that i cannot make it to be created on the first day of the month. So I tried to make the XQL query to work with the previous month's data

Temporary Session installation type

We have a large Citrix farm with session hosts and non-persistent servers. We are using the TS_ENABLED=1 switch when installing the agent but the console is showing standard installation and not Temporary session. 

I am trying to figure out what th

File retrieval in user context

Hello,

Is it possible to retrieve a file which is only accessible in user's context? I have an incident which user opened a file from a network mapped drive. That drive might not be accessible by anyone except for the user.

Which user context is us

XDR Collector DNS

Does anyone know if there is a native DNS collector, similar to the DHCP Collector Agent, for Cortex XDR ? My goal is to enrich XDR with more DNS-related information.

Mac Cortex XDR Upgrade causing Device Freezing

Hello,

My organisation is currently running Cortex XDR 8.6.0 on Sequoia. We're finding that when performing upgrades of the application via the Console or by Jamf that the who device will freeze for 15+ seconds.

We're in an environment where we'r

Why there are no related alerts on scanned malicious files.

Hi, we have recently malware scanned an endpoint and upon checking the results, it appears that there were 3 malicious files on the host.

Now, I tried to right click and view related alerts on the 3 malicious files and it just shows nothing. What's

Discrepancy Between Connected Endpoints and License Usage in Cortex XDR

Hi Team,

We have observed that the Cortex XDR management console shows a total of 385 connected and disconnected endpoints. However, the Cortex XDR license usage is showing 348. How is this possible? Please explain.

Zulu Time and Convert

so my goals is to convert a jsonextract of a few time stamps:
I want to combine them and make a total hours. so start time and expiration time = how many hours total. I cant seem to get the time formatting from a string or I am doing something wrong