Cortex XDR Discussions

Resolved! XDR agent not triggering alerts in the managements console while blocking

Hi, I have a rather peculiar issue(?) with one of my agents.

Said agent is working as intended, however it blocked a certain file form running under "Local Malware Analysis". which is fine, but I did not receive any alert nor incident in the manageme

...

XDR Analytic alert

I am not able to see all cortex XDR analytic alert on Console that is mentioned in the document . why ?

Resolved! Where to get more information on "Behavioral threat detected (rule: create_renamed_script_engine_by_hash)"

Hello Cortex users, wondering if anyone has seen this before? We are getting a single host flagged with a large amount of "Behavioral threat detected (rule: create_renamed_script_engine_by_hash)" but when we investigate in Cortex XDR there is almost

...

Resolved! Select more than 100 endpoints in Prevention Policy Rule

Hi,

I created new Prevention Policy Rule and can only select 100 endpoints. When I try to select more, I get the Note:

Note: The current target will be based on 100 endpoints, you cannot choose more than 100 endpoints. To create a larger target use Dy

...

Cortex Endpoint Isolation - Allowing Microsoft Intune

Anyone have tips on figuring out how to allow exceptions to successfully communication over the internet while an endpoint is in isolation? I would like Microsoft Intune to be able to continue to reach the device while the device is in isolation for

...

Resolved! Cortex XDR installation on an Windows 2022 Core

Dear PA,

Trying to install Cortex XDR v.7.7.0.X on a Windows 2022 Core and receive "Setup Wizard Ended Prematurely".

Any feed back from your side about this?

Best,

C.

Securing old web server IIS6

Hello,

We are solving a case of an IIS6.1 vulnerability on an old Windows 2008 R2 SP1 system. Microsoft no longer has support for Windows update. The customer cannot migrate to the newer system yet.
Would Cortex XDR be able to secure IIS v6.1 web serv

...

Resolved! Correct resolve types for XDR Incidents

Hi All,

I tried to find this on PA Knowledge base but unsuccessful. Our team tries not to make exceptions/whitelisting unless absolutely needed. Therefore, I believe teaching Cortex XDR correctly on what is safe and what is not is crucial.

For examp

...

Resolved! Can we check via cortex XDR which are systems have any specific software installed

Can we check via cortex XDR which are systems have any specific software installed

Adding comments to permanent device exceptions

Hi all,

Is there any way to add comments to existing device exceptions? I haven’t found the option to do so.

Java Deserialization Protection

Hello,

I am looking to enable the "Java Deserialization Protection" in my exploit profile.

I see the default is to leave it disabled.

anyone else have this enabled?

any advise or experience working with this?

Getting Multiple alerts about file "TwitchClient.exe"

I'm getting multiple alerts about the file "TwitchClient.exe" which is under below path

C:\Program Files\WindowsApps\AdvancedMicroDevicesInc-2.AMDRadeonSoftware_10.21.10043.0_x64__0a9344xs7nr4m\radeonsoftware\twitch\TwitchClient.exe

Is this file is a

...

Cortex XDR - Whitelist services in properway

Hi All 
I'm new to Cortex XDR Hub and i'm trying to manage somes clients in the right way.

I got this situation:
There are some clients who had used IoBit - DriverBooster for the drivers installation on the machine.
A lot of services about this applicat

...

Resolved! macOS Network Filter limited to no more than one active network service on M1 Mac

Hi,

I'm an enduser of Cortex XDR. Recently my workstation was migrated from an Intel MacBook Pro to a M1. During the migration process, both workstations were on macOS Monterey 12.3.1.

I've discovered on the M1 that with the Cortex XDR network filter

...

Resolved! Query Network

Hello XDR Community!

when the network (see screenshot) will be depprecated, will it be possible to get all the informations under network connections?

I don't get the same results and not dst_host which would be very usefull.

Here is my Query:

Networ

...

Discussions

Resolved! XDR agent not triggering alerts in the managements console while blocking

XDR Analytic alert

Resolved! Where to get more information on "Behavioral threat detected (rule: create_renamed_script_engine_by_hash)"

Resolved! Select more than 100 endpoints in Prevention Policy Rule

Cortex Endpoint Isolation - Allowing Microsoft Intune

Resolved! Cortex XDR installation on an Windows 2022 Core

Securing old web server IIS6

Resolved! Correct resolve types for XDR Incidents

Resolved! Can we check via cortex XDR which are systems have any specific software installed

Adding comments to permanent device exceptions

Java Deserialization Protection

Getting Multiple alerts about file "TwitchClient.exe"

Cortex XDR - Whitelist services in properway

Resolved! macOS Network Filter limited to no more than one active network service on M1 Mac

Resolved! Query Network

Where is agent v8.5???

Cortex XDR agent's CE versions missing from the list & version downgrading

Target while adding Allow/Block list

Portal XDR - Customer Feature Request

Integrate palo alto firewall with cortex xdr for utilize EDLs

Re: Cortex XDR agent's CE versions missing from the list & version downgrading

Required Windows Event IDs for the best Cortex XDR detection performance

Re: Query on the difference in Cortex XDR Agent

Re: xql query for file \ folder name.

Re: xql query for file \ folder name.

Unlock your full community experience!

Resolved! XDR agent not triggering alerts in the managements console while blocking

Resolved! Where to get more information on "Behavioral threat detected (rule: create_renamed_script_engine_by_hash)"

Resolved! Select more than 100 endpoints in Prevention Policy Rule

Resolved! Cortex XDR installation on an Windows 2022 Core

Resolved! Correct resolve types for XDR Incidents

Resolved! Can we check via cortex XDR which are systems have any specific software installed

Resolved! macOS Network Filter limited to no more than one active network service on M1 Mac

Resolved! Query Network