Hello , is there any way in cortex XDR to block executions without whitelisting/blocking the hash/file path and not get
any incident or alert and at the same time.
Hi,
I turn on the Host Insights free trial and not see any information on Host Insights,
when i did that to other customers ther all working well but at this one its not working, what is the problem?
i did calculated again, i turn that on week ago.
Hello
Please share any experience or advice for below situation and how best to approach this .
Currently agents are connected to UK Cortex XDR tenant via a Broker VM installed on premise . Now the need is to use EU Cortex XDR tenant ,this will
...
Hello dear Community!
Does this result reflect the strenght of PA Cortex XDR?
https://papers.vx-underground.org/papers/Malware%20Defense/AV%20Tech/An%20Empirical%20Assessment%20of%20Endpoint%20Security%20Systems%20Against%20Advanced%20Persistent%2
...
Is it possible to create a correlation rule to identify when new services are present on an endpoint
For example,
Create a correlation rule ,using a query that returns all services on an endpoint, that creates a new data set of the results..say there a
...
Hi All,
We are trying to move around 2000+ hosts to cortex XDR. We have started installing agents in a phase-wise approach not all at once.
Also, have created a specific endpoint group with customized prevention policies.
Now the problem is that the a
...
Hello PA community ,
Please could you clarify a doubt ?
In Cortex XDR is there any way to alert if the endpoint is disconnected?
From my knowledge . i can confirm that we can retrieve disconnected agent by creating a filter from endpoint administrati
...
We're in the process of installing a new setup with Citrix App Layering (Full User layers) and MCS. I've followed the suggestions here on non-persistent installation (VDI_ENABLED=1); even though our setup technically is sort of persistent (because of
...
Hi all,
Some of our endpoints in our Cortex XDR Console shows a "Connection Lost" Status but the endpoint is still active.
The cytray shows disabled and no connection. We also checked the control panel and upon checking, The installed Cortex XDR Agen
...
When running xql queries against host inventory i have 2 questions
1.
Is there documentation that states what each field means in the array
The example below " start mode" and "state" are numerical
It appears start mode3= "Service Manual Start" but i nee
...
The Get Incidents API allows you to filter based on an incident_id_list, but not a list of endpoint_ids much less endpoint group. The Get Alerts API allows you to filter on an alert_id_list, but not a list of endpoint_ids much less endpoint group.
I
...
I am attempting to pull in endpoint/incident data using the appropriate API in PowerBI. However, there's a limit of 100 . I tried adding a separate custom column anticipated that my total number of incidents would be let's say "x" value, but that jus
...
Hello,
I can't turn off disk encryption. I disabled the disk encryption policy for an endpoint, then the encryption status returned as not configured. But I can still see bitlocker on the endpoint is ON. How can I turn off bitlocker on endoint not ma
...
Hi all,
We're having an issue where Citrix PVS servers running Cortex XDR consume a new XDR license every time they reboot. I don't fully know how PVS works, but essentially from what I can gather is upon booting up, it pulls a copy of an image from
...
No, Pathfinder uses an agentless endpoint analysis service, running its own code on suspicious endpoints to collect information about running processes on the endpoint and determine if the processes are malware or greyware.
