Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.

Who rated this post

Cortex XDR flagged malicious macros

L0 Member

Hi team
Cortex XDR keeps generates hundreds of alerts due to suspicious macro detected in my network. 
Severity : High
Alert Source : XDR Agent
Action : Detected (Post Detected)

Category : Malware
Extensions : .xls .tmp .xlt  .xar

Seems Cortex deletes all kind of files that has macros , but in reality those are not malicious. 

"alerts_table": {
"alert_json": {
"action_country": [
"action_file_extension": [
"action_file_name": [
"action_file_path": [
"action_file_sha256": [
"action_process_signature_status": [
"actor_effective_username": [
"actor_process_signature_status": [
"agent_data_collection_status": false,
"agent_device_domain": "XXXX",
"agent_fqdn": "XXXXXX",
"agent_hostname": "XXXXXX",
"agent_id": "9d0d8ee73cfc4be39ce6a3dde57ddfcb",
"agent_ip_addresses": [

"agent_is_vdi": false,
"agent_os_sub_type": "10.0.19045",
"agent_os_type": "AGENT_OS_WINDOWS",
"agent_version": "",
"alert_action_status": "POST_DETECTED",
"alert_category": "Malware",
"alert_description": "Suspicious macro detected",
"alert_ingest_status": "READY",
"alert_is_fp": false,
"alert_name": "WildFire Malware",
"alert_source": "TRAPS",
"alert_type": "Unclassified",
"association_strength": [

Who rated this post