Security Operations

Not able to export custom field in the report

Hello team,

I attempted to export the values of custom SLA fields into a CSV report. When I tried to create the report through the UI, it displayed the timer values, but when I actually generated the report, it only showed the run status (running or

Email confirmation:

Hello Everyone,

When we request the Palo Alto team to review or change the category of an executable that is already been tagged as 'Malware' , why don't we receive an email confirmation from the platform acknowledging the receipt or change of the

No communication method found for form

Hey

I'm getting this error when I try to use Data collection (Task Only)

No communication method found for form "". Task can be completed manually

Has anyone encountered this and can help? 

[Cortex XDR] - I Want to monitor the file creation, modification, removal, etc. under the specified path through the BIOC Rule.

Dear Everyone,

I would like to use the XDR BIOC Rule to block the host from creating, editing, deleting, renaming, etc. files in specific file paths.

I tried to write a BIOC Rule but found that it can't be successfully applied to the Restrictions p

Rare Admin Login in Environment

Hi guys, could anyone help me with the query I'm trying to do. 

I'm looking to build an alert based on the rarity of a login in the environment. For instance, raise an alert if "admin" logged in to a device, but that action hasn't been seen in the dev

BIOC not supported

Good afternoon,

I'm trying to create a BIOC rule that tells me when users are trying to access the wetransfer.com and dropbox.com DNS. To do this, I generated the following XQL. When run, it shows me the logs of the connections to these DNS.

data

On-demand file Examination policy

Hi,

I've got 3 questions.
1. I want to schedule a daily scan on servers with cortex xdr, I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day mapping them to the same servers but some are bein

Legacy Agent Exceptions or New menu??

Hi, what's your opinion?

Legacy Agent Exceptions or Global Exceptions Menu??

What's the difference? Which one is better?

Some support people suggest activating Legacy in Cortex XDR #, but I'm not sure if I should. Would I lose any of the settings

Alert for Any PowerShell Script Execution in Cortex XDR

Hi Cortex XDR Community,

I want to set up an alert in Cortex XDR that triggers whenever any user runs a PowerShell script. The alert should activate for any script or command executed in PowerShell, regardless of the user or specific script.

Is there

401 Error When using Proofpoint Protection Server v2

Hello LiveComm,

I am trying to establish the Proofpoint Protection Server v2 integration on my XSOAR to use the SmartSearch and other cool features. I am doing this for a supported pphosted (POD) version and have created API credentials for this and

Missing button scripts from content packs

Is anyone else missing scripts when adding a button to layout? Not seeing any scripts from the installed content packs. They still work via CLI. 

Cortex XSOAR 

Cortex xdr agent certificate

Hi all,

I have some doubts regarding the Cortex XDR agent certificate. I have gone through multiple blogs, which provided some insights, but I am still unable to see the complete picture. Below are the key facts I have gathered so far:

1. New Certifica

Custom Parsing Rule - Cohesity

This was a fun project. Looks like it is mostly working correctly. Cohesity syslogs come in as a big blob in one field so I messed with some parsing rules to give them their own datasets

The only known issue I'm seeing so far is the logs get dupl