This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
About anlynch
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About anlynch
Online
34Posts
15Likes
3Solutions
Mar 28, 2023Last Visited
User
Activity
User
Profile
Latest posts by anlynch
| Subject | Views | Posted |
|---|---|---|
| 44 | 03-28-2023 08:42 AM | |
| 67 | 03-27-2023 02:54 PM | |
| 921 | 03-27-2023 02:43 PM | |
| 82 | 03-24-2023 01:14 PM | |
| 75 | 03-24-2023 10:52 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 5 Likes | 03-27-2023 02:43 PM | |
| 1 Like | 03-23-2023 08:03 AM | |
| 3 Likes | 03-22-2023 09:57 AM | |
| 1 Like | 03-20-2023 04:34 PM | |
| 1 Like | 12-06-2022 12:29 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 3 Likes | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 08-29-2022 01:13 PM |
| Date Last Visited | 03-28-2023 04:45 PM |
| Posts | 34 |
| Total Likes Received | 15 |
03-24-2023
10:33 AM
Hi @RamyashreeMada,
I just wanted to a supply a quick information update. You asked earlier about how long it would take a scan to time out. I was unaware of the time out, but can now confirm that the scan command should timeout after 24 hours. This amount of time can be changed with a Support Exception, but would require having a ticket in with our support team.
... View more
03-24-2023
06:28 AM
1 Kudo
Thanks for your comments.
Regardless of how the agent will run in the LXC container, the host server itself is experiencing the high CPU load. We'll open a ticket for that specifically.
Our security group is insisting on having the cortex agent installed on every server - unfortunately we have a number of servers running as containers. Since the LXC container processes are just isolated by namespace while sharing the host kernel, and the host sees all these processes anyhow, I agree that the agent probably shouldn't be running in an LXC container at all.
... View more
03-23-2023
07:41 PM
1 Kudo
Hi @odonaldadmin you can take a look at this link which describes how to configure Cortex XDR to forward to a syslog receiver. You can then use the same to forward logs to the syslog receiver as stated in this link.
... View more
03-23-2023
10:01 AM
Thanks for responding, I was aware of such file search. I was hoping a search against files existing on the hosts via sha would also have an option of multiple value input. I guess you are saying that is not possible for file_search = existing_files xql query?
... View more
03-22-2023
09:57 AM
3 Kudos
Hi @Majid1Khan,
I’ve taken a look at your list of exceptions received from Microsoft. It appears that some of them are individual files/file types. Others such as $db_normal$ appear to refer to a certain location on disk. Looking at this Microsoft documentation I was able to find references to what you were given.
SYSVOL Exceptions
$db_normal$ - See below
FileIDTable_* - See below
SimilarityTable_* - See below
*.xml - File Type
$db_dirty$ - See below
$db_clean$ - See below
$db_lost$ - See below
Dfsr.db - File Type
Fsr.chk - File Type
*.frx - File Type
*.log - File Type
Fsr*.jrs - File Type
Tmp.edb - File Type
In the screenshot above you can see a lot of the file types you mentioned in your previous post. I hope this helps clarify the exceptions you would need to input into Cortex XDR.
Please reply to this comment if you have any further questions. We’re happy to help.
Have a great day!
... View more
Contact Me
| Online Status |
Online
|
| Date Last Visited |
03-28-2023
04:45 PM
|
Latest Tags
No tags yet
Likes From
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks