External Alerts Mapping, Alerts are always assembled to one Incident

Hello,

I have a little issue and I don´t know how to solve it.

Hopefully someone knows a hidden or 'unofficial' feature of XDR regarding this.

Briefly explained the structual background:
I am logging from diffrent Forti Firewalls into the XDR, thi

May this cmd for password query could find into a content update?

https://twitter.com/VirtualAllocEx/status/1599048829084794880?s=20&t=V1OyrvuCbhYez-wkSXNk1A

Or ist there a rule ready for this?

BR

Rob

XQL Query DNS resolutions

I'm attempting to pull out the name, type, and value from the dns_resolutions data

The below query results in "FAILED TO RUN QUERY" with no data, removing the alters does return data however no fields available return "value" in the dns_resolutions 

PoC - Using Cortex XDR to Block Software Installations

-

MTTR - MTTA

Hello, is there a way to compute the Mean Time to Acknowledge (MTTA) and Mean Time to Respond (MTTR) statistics of all the cases ?

thank you in advance

Cortex XDR

Can I disable the Cortex XDR on anyone of the endpoint(workstation or server) for temporary purpose from the XDR Console.

Multiple Queries regarding cortex XDR

Hello, 

Is it possible to know the following :

        1. Whether BIOC rules generate alerts/incidents in case there is a match for Custom prevention rules.

        2. Any method to bulk hash blocking using Action center.

        3. If we are hosting

Ways to identify cluster and namespace details for k8's

Is there a way we can identify cluster and namespace details for k8's and not just nodes and containers

Cortex XDR for OCI

Hi ,

Trying to find out if cortex xdr supports OCI.