About KanwarSingh01

Hi,   We already do the full dump of process but when we launch the dump in volatility to analysis the headers, Dump is not able to match any profile in volatility due to which we cannot analysis the dump file. If there is a way we can analysis these dump files with volatility that will be nice.   Regards Kanwar ... View more

Hi There,   Can you please let me know the api you have been using which you queried? Each API is well documented and defines the limit on the API call. Please refer to the documentation of Cortex XDR API below: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/endpoint-management.html For example in the description of Get Endpoint you have a limitation of 100 endpoints only. You can design the call in such away that you can send the only a set of 100 endpoints in 2-5 seconds. This does the trick for us.   Thanks   ... View more

Hi There, Cortex is not meant to do web filtering. You can enable host firewall which will do only layer4-layer3 level filtering but not layer 7 filtering. Cheers ... View more

Can you please post the alert details? You can actually make an exception based on the filename, signer or various other methods etc.. under the Invetigation tab > Exclusions. ... View more

Did you have an alert around the same time on the same endpoint? If yes, can you post the details on that alert? ... View more

Hi There,   We would recommend you to open up a support case with palo alto where you will have to submit the alert data for them to investigate.   The rule which you have mentioned alone does not signify much as this is a friendly name to one of the rule set in EDR. ... View more

You can create groups based on Linux and Windows OS or whatever way you would like to create your group differentiater as. Under Endpoints > Endpoints Groups > Add Groups.   Once you have done this create a new agent profile where you enable auto upgrade based on your preference thereafter create a policy where you attach the newly created agent profile for upgrade and only attach the policy to specific endpoint groups.   Step: 1> Setup global Agent Auto Upgrade settings (Be careful of your internet link saturation.) Step: 2> Setup Endpoint Groups as per requirement. Step: 3> Create Agent Profile. Enable auto-upgrade in profile. Step: 4> Apply profile to endpoint policy based on groups. Step: 5> Test before production. ... View more