Cortex XDR - New Widget
Hello,
Can we create a widget with regards to endpoint tag and number of agents?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Hello dear community,
Like I saw, there is no possibility to find out the signer of files which were only downloaded, moved, etc., but not executed.
Why is this not possible?
BR
Rob
Hi,
Why is Cortex XDR not detecting malicious files which are present in the system?
For testing purposes I have also downloaded a test malware, but it is not reflected after the malware scan. Can anyone please give clarity on this?
Does Cortex detects malici
Hello,
I have a case where logs are delivered to Data Lake from an endpoint where we're unable to uninstall the Cortex XDR agent. We also can't connect to this endpoint to take manual actions to stop receiving logs from it.
Is there any way to block/preven
...
Hello dear community!
I want to stop every Python process with a BIOC.
Will this also affect the script functionality from the Cortex XDR Pro agent?
BR
Rob
Currently, our devices are in an unprotected state and a partially protected state due to disk consumption.
Is the data in the Cortex XDR incremental or does it delete itself after some time?
What is the possible solution for this issue?
How do we diff
...
Hello dear community,
Has anyone of you experience with USB Rubber Ducky and Cortex XDR?
Our supplier couldn't answer this from the beginning of the PoC. (~1Y)
Maybe a community like you can get this question answered faster?
I wou
...
PoC Lab ft. CVE-2021-3560
By: @mfakhouri
Executive Summary
What was CVE-2021-3560?
What Does Privilege Escalation Entail?
How is Polkit Supposed to Work?
Cortex XDR at Play
Overview of Lab Setup Script
Adversary Motion
...
Dear Live Community Members,
My customer is facing issues when trying to remove Cortex XDR.
In short, uninstalling the software is not removing all the config, and it gets all the old settings back, like the broker and other stuff.
We even used th
...
Some endpoints show "Agent is not running due to disk space" and "Agent running without any valid content" in Operational Status Data. What could be the possible reasons and how to troubleshoot?
I'm needing to find endpoints that have a certain application (Application1) installed but then do not have (Application2) installed
The query below returns results that have either Application1 or Application2
I'm downloading the results and then us
...
Hello,
1. Please recommend the scanning period and best practices to achieve AV operations through XDR.
2. On what basis does the malware scanning take place? Is it signature-based, hash-based, etc.?
Hello Team,
Can you kindly assist in a template or guide on how to create a custom dashboard to show the overall company security index based on all incidents and open vulnerabilities created on the Cortex XDR Platform and trends in showing that th
...
Hello,
Noticed in operational status Endpoint whose agent version is not upgraded mentioning status as protected, unprotected & unprotected,
After seeing operational status data came across 6 unique issues in servers.
They are as follows:
1.
"Xd