Port scan alert

Hi everyone,

There is some situation in our case.

For example there is 2 windows host. Host1 and Host2. Host1 have XDR. But Host2 not. If Host2 executes port scan action (it doesn't matter which tool is using -- nmap, zenmap and etc) to Host1 in

Difference between system reboot and agent services off

Hi,

We have to configure 3 alerts that are sent via email.

Condition 1:

When cortex agent services are stopped then raise an alert via email.

Condition 2:

When system is powered off/turned off then wait will 10 minutes, if systems do not come b

Basic questions to host firewall

Hello dear community, 

what is the correct setting for disabling the management of host firewall through Cortex XDR? Why do I wan't that? Because I need to get the windows firewall running through GPOs. Host firewall from PA Cortex is not suitable

cortex broker log collector in HA Active Pasive

Good morning, dear friends,

I am facing the challenge of installing 2 broker VMs in HA (Active - Passive) as Log Collectors to receive logs from different data sources. My biggest concern and doubt is the configuration of the HA architecture of the

XQL: Anyone has working example of building analytics on XQL query?

We want to build analytics using XQL where we could find or create an alert if certain behavior has occurred for the first time on endpoint.

Currently, we use external help where we run XQL schedule query and then retrieve results and run python sc

Increasing severity for certain critical hosts or visible tagging

Is there a way to make certain server hosts show as critical servers? We have a certain amount of servers we'd like any incident related to them be automatically a critical or high alert when XDR creates an incident for them. I've created say a "Crit

XDR 8.2.1 on domain controllers keeps disconnecting from tenant

Hi all, we are observing this behaviour on some domain controllers where xdr agents losing connection to tenant and the only way-out is to remove them via xdr cleaner and reinstall, only to fail again in a bunch of days.

We are out of ideas, obviousl

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

Hi , 

How to check for the below actions in xql builder.

please help in developing a query 

1. The attacker sends a DCE/RPC request to the Victim Server Machine
2. The Victim is triggered to send a DNS SRV query about SafeBreachLabs.pro
3. The Attacker’s DNS

Cortex XDR Ransomware Protection: Aggressive mode & Resource Optimization

Hello Community,

I have a question regarding Cortex XDR in Aggressive Mode. During my testing, I noticed that it significantly impacts my machine's performance, as the Cortex XDR agent continuously analyzes the behavior of benign software, such as

Creation Rules or Policy

Greatings everybody

I´d like to know how can I create rules or policy for block bitorrent and torrent.

Ingest AWS GuardDuty logs

Dear community,

I'm seeking help to ingest AWS Guardduty logs into Cortex XDR.

I did check the documentation and only found the method to ingest AWS assets, Flow log via S3 and Route53 via S3. 
I don't mind the AWS guardduty logs is not normalized,