Cortex XDR Discussions

Action #352 failed. Action description: Retrieve endpoint data from

Hi everyone,

I received the following notification, and I wanted to understand what this means?

Thank you

Shmuel

Action #352 failed. Action description: Retrieve endpoint data from

cannot install cortex on server core 2022

Hi all

i try to install cortex agent 7.8 on server core 2022 but it fails with little explanation

did someone success on it ?

=== Verbose logging started: 21-10-22 10:56:37 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\Wind

...

Blocking executions of IOC without showing any alerts

Hello ,

Please help us with the process of blocking of IOC process coming from various campaigns in cortex XDR .

Regards,

Shashank

Resolved! Automatically changing the status of incidents

Hello,

Cortex XDR is changing the status of incidents from Resolved to Under Investigation automatically. Why is this happening?

Named pipe hunting -Cortex XDR Pro

Hello dear community!

Is there a way to hunt for named pipe communication?

BR

Rob

https://svch0st.medium.com/guide-to-named-pipes-and-hunting-for-cobalt-strike-pipes-dc46b2c5f575

How to query for Vulnerability Assessment Data

I would like to query XDR externally for the data stored in the Host Insights > Vulnerability Assessment page.

I looked through all of the available APIs, but none of them seem to have data related to CVEs. I would not be opposed to writing a custom

...

Resolved! Application Whitelisting (like Applocker, WDAC/MDAC, Airlock Digital) with Cortex XDR Pro?

Hello dear communinty,

we would like to know, if there will be a functionality in the future like applocker or MDAC for whitelisting applications/scripts/etc.. If they are not in out WL, they cannot be executed and we get a information/alert.

T

...

Resolved! Filter incidents on action in Cortex XDR

Hello,

I would like to filter incidents on what kind of actions have been taken. Is this available or should I make a feature request somehow?

Ie. filter on all incidents containing alerts that have prevented as action. Or Filter out any where the

...

Resolved! Cortex XQL incident query

Hello PAN community !!

I'm new in this platform and I am a little lost here. I'm trying to create a query to list all endpoints of a specific endpoint group with all its incidents (malware,etc).

To get the endpointgroup and its endpoints I'm using

datas

...

Cortex XDR: False Positive detection of VulnDetect scripts

Hi,

A number of our customers has complained about our signed PowerShell scripts being flagged and, in some cases, blocked by Cortex XDR.

The scripts in question can be found here:

https://stream.vulndetect.com/e/task.ps1

https://stream.vulndetec

...

Resolved! Linux support for XDR

Hi,

Which Linux distributions does Cortex support?

Host Firewall

Hello Team,

We intend to enable the Host Firewall feature in the Cortex XDR. Please give us a brief overview of how this feature works.

Not able to set Proxy for Windows 2012 servers

Hello ,

We are unable to see few servers in our endpoint list. But the user confirmed it has cortex installed in it and is enabled also particularly For Windows 2012 servers we're not able to set the proxy and for some hosts last seen connected dat

...

Agents Intermittently Disappearing in Cortex XDR Then Shows Up

Hi,

Some Agents in Cortex DXR disappears then shows up after few days - no pattern at all

If my understanding is correct, if the Agents are disconnected or there's a connection lost, the Endpoint Status column will dictate it.

But the Agents in q

...

Cortex XDR PoC: Monitoring Malicious Chrome Extensions

PoC Lab: Monitoring Malicious Chrome Extensions

By: @mfakhouri

Executive Summary

With the convenience Chrome extensions provide, such as ad blocking, enhanced web viewing, and improving user experiences, it is no surprise that malicious act

...

Discussions

Action #352 failed. Action description: Retrieve endpoint data from

cannot install cortex on server core 2022

Blocking executions of IOC without showing any alerts

Resolved! Automatically changing the status of incidents

Named pipe hunting -Cortex XDR Pro

How to query for Vulnerability Assessment Data

Resolved! Application Whitelisting (like Applocker, WDAC/MDAC, Airlock Digital) with Cortex XDR Pro?

Resolved! Filter incidents on action in Cortex XDR

Resolved! Cortex XQL incident query

Cortex XDR: False Positive detection of VulnDetect scripts

Resolved! Linux support for XDR

Host Firewall

Not able to set Proxy for Windows 2012 servers

Agents Intermittently Disappearing in Cortex XDR Then Shows Up

Cortex XDR PoC: Monitoring Malicious Chrome Extensions

Incorrect Endpoint Type Reporting in Cortex for Ubuntu 24.04 LTS Machine

Keeping alive a program after closing Live Terminal

Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

how remove softwares with XDR

Cortex XDR agent deletion after a period of time

Re: Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

Re: Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

Re: Growth of ARM processors in Windows Ecosystem

Re: USB protection exeption for ClickShare usb Device

Re: Cortex XDR login issue

Unlock your full community experience!

Resolved! Automatically changing the status of incidents

Resolved! Application Whitelisting (like Applocker, WDAC/MDAC, Airlock Digital) with Cortex XDR Pro?

Resolved! Filter incidents on action in Cortex XDR

Resolved! Cortex XQL incident query

Resolved! Linux support for XDR