HELP With XQL Query to fetch All Assets

Hello Everyone, 
I want to fetch all assets from asset inventory using XQL query but I am unable to find a suitable dataset for it. Can someone please help with XQL Query to fetch all the assets. 

Thank you 

Cortex XDR 

no alerts no incident

Hi everyone, i have an issue. Cortex receives data from data sources (endpoints, servers etc) but i can not see alerts and incidents. My dashbord shows 0 alert and 0 incident. Who could help to me?

Cortex XDR Integration with NGFW

Hello, 

I have Cortex Pro per GB license and NGFW. I have successfully created certificate and it is showing as valid in XDR console. I have created a profile which is sending logs to Data Lake. I have applied it on many policies. But I cannot get

Compare results in table to lookup?

I have a lookup with software names and want to use it to compare it to results from xdr_data using the fields actor_process_image_path which is the dir the software in installed in.  

Maximum file size for hash calculations

What is the maximum file size for hash calculations in both XDR data and Insight Hosts files database? Thanks. 

Prevention Policy Rules Time to update?

Hey,  

I've configured a Prevention Policy Rules to apply on windows endpoints which have a tag = myname.
How long should it take to apply on these endpoints ?
For example if I go to "All endpoints" in the "Assigned Prevention Policy" I still see the ol

Creating disable prevention rule for Alerts with different sha256 but all other values were same

We have created a disable prevention rule for a few Cortex XDR agent-blocked alerts because they were false-positive.

However, we recently received 2 new alerts with the same fields as the ones for which we created the disable prevention rule.

I only

Broker VM shown disconnected

Hi, our Broker VM is shown disconnected on XDR console. The VM is up and running and I can connect to it via SSH. It can connect to the paloaltonetworks.com domain as I can see the traffic on firewall. Version is 25.0.44. Even the last seen is today,

Cortex XDR Ransomware Protection - Protection Mode "Aggressive" vs "Normal"

Hello 

Is there the cheat sheet of comparison of Ransomware Protection Mode "Aggressive mode" vs "Normal". I have no idea key differences between "Aggressive" and "Normal" mode. I need to that cheat sheet in my report. Anybody can provide or Do Pal

Alert to Incident

Hey dear community, 

do I have the chance to elevate a alert to an incident? I tried allready to set the severity of an alert to critical, but nothing happened. This alert doesn't get an Incident ID. 

I thought this was possible in the past, but

Cortex XDR does not show file name

Hello everyone, 

I have an incident and when I open related logs, it is showing large upload. I can see a bunch of logs which indicates that someone has uploaded 53 mb file to amazon or one drive. I saw destionation host as ........amazon.com and i

How to download Cortex XDR 7.9 CE Version?

I want to install Cortex XDR on Win 7 and Win 8 systems and as per my knowledge we can only install 7.9 CE version agent. 

From where can I download it? its not showing in on Agent Installations --> Create agent installation option. Need urgent help

XQL Query to find bugcheck (BSOD) entries in event logs

We are experiencing a few BSOD events when auto-upgrade pushes new agents.

Anecdotally, it only seems to happen to a small number of machines and well below 1% of the total XDR estate, however this is anecdotal and I keep getting challenged that "only