Hello dear Community,
Does the Cortex XDR Agent work in Windows Safe Mode?
https://attack.mitre.org/techniques/T1562/009/
BR
Rob
Does anyone know the Cortex XDR Auto update mechanism?
I recently found that some agents failed to update automatically. The failed content included content update and agent update. The console log did not give the reason for the failure. What are the
Hi community,
Wondering if anyone else is seeing BT alerts for sdiagnhost.exe appearing over the last 24 hours? We have had similar things occur in the past due to over excited signature updates cause false positives.
This process is one that MSDT
...
Hello dear community,
you know how to handle this svchost.exe without signature? In my opinion it is FP, but why?
Isn't it possible for the cortex agent to read the signature from svchost.exe in this case?
I tweaked the alert and gave it m
...
Hello dear community,
in my mount tests I could find out following:
- if you mount the same file name 2 times with different file data inside the iso, the alert isn't created because the file isn't beeing created. I think the recent folder is no
...
Hello dear community,
how can I find out with Cortex XDR PRO (non per TB, non connected Firewall, etc.), which data was uploaded in this example? Has anyone an idea or script to do so?
BR
Rob
Hello dear community,
what is the best way to setup a query for bioc to get an alert. Maybe correlation rule is a better place for my project?
It should alert, when a XLL File was written or read or deleted.
Should I setup a specific file location
...
Hello dear Community,
has someone of you a ready to implement XQL Query for downloading zip/rar/iso file containing a iso? The source can be outlook, etc.
I found a sigma rule based on:
https://github.com/SigmaHQ/sigma/blob/master/rules/windows/
...
Hello,
The Resolved- False Positive incidents are automatically getting assigned to Under Investigation even though there are no updates or alerts regarding the incident.
The above keeps on repeating every day. Any idea why this is happening and
...
DTRH: Scripting Anything and Reaping Data
Overview
Customers are always asking for additional capabilities in the product and often times these feature request may come during a POC where having that capability can be the deciding factor in wi
...
Hello!
We have some alerts which show us a large upload.
My problem is now, I saw other clients uploading a ton of bytes, but this Alert wasn't fired.
I also cannot find any Rule for this.
Where is it comming from?
BR
Rob
Dear Live Community Members,
I have an issue and I'm struggling to find the reason behind it and need your help.
To give you some background on the problem at hand, my customer installed the Cortex XDR agent, and it works fine on some machines bu
...
Hello Community,
I'm been using the platform for a couple months and recently I'm getting interested in XQL query.
My question is how to I simplify the search string if i have multiple values that I need to insert?
With the example below, i'm lookin
I am thinking of a way to bring in xdr_data dataset logs which we see in xdr query builder to splunk.
As of now i am ingesting the alert and incident data from cortex xdr into splunk.
Can anyone suggest, how i can achieve this?
reaper
on:
NGFW User-ID and Terminal Server (TS) Agent Self-Signed Certificates expiration
