This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Chilla
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Chilla
09-27-2023
12Posts
0Likes
1Solution
Sep 27, 2023Last Visited
User
Activity
User
Profile
Latest posts by Chilla
| Subject | Views | Posted |
|---|---|---|
| 319 | 07-26-2023 10:02 PM | |
| 418 | 07-11-2023 07:34 PM | |
| 424 | 06-17-2023 12:58 AM | |
| 648 | 06-14-2023 11:23 PM | |
| 707 | 06-13-2023 11:12 PM | |
| 746 | 06-13-2023 08:20 PM | |
| 788 | 06-13-2023 06:58 PM | |
| 362 | 06-12-2023 08:31 PM | |
| 472 | 05-29-2023 08:50 PM | |
| 556 | 05-26-2023 01:52 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 10-23-2022 11:54 PM |
| Date Last Visited | 09-27-2023 05:06 AM |
| Posts | 12 |
07-26-2023
10:02 PM
Dear community,
I would like to block connections to specific domains using BIOC, but I found that the "Add to restrictions profile" button is missing when right-clicking on a BIOC rule. Why is there no such button? Alternatively, is there any way to block specific domains using XDR?
... View more
07-11-2023
07:34 PM
Hello dear community,
We noticed a feature called Cloud Compliance on Cortex XDR, but we don't see any details.
What is this feature related to and from where to collect data?
Is there any documentation available about this feature since I couldn't find any related instructions in the help center?
Thanks.
... View more
06-17-2023
12:58 AM
Dear community,
I tried to make some agents connect directly to the server without using a broker.
However, it's not able not connect to server.
I referred to the practices of others, and tried executing " cytool reconnect force", but still couldn't establish a connection. Because some endpoints can be successfully connected, it can be ruled out that the firewall is blocking the connection.
After checking the traps.log,
I noticed that the logs do not mention FQDN. Is this normal?
Furthermore, the broker has been confirmed to be offline, but it appears that it is still attempting to connect to the broker and showing a "connect timed out" error.
Upon checking the "All endpoints" section, it seems that the proxy field still contains the broker IP. Could this be related to the issue? But why is it that some endpoints can still connect directly to the server, even though the proxy field still contains a record?
thx for any help.
... View more
06-14-2023
11:23 PM
Hi @creddy ,
Thank you for raising your concerns.
Sorry, probably I didn't explain it clear enough and caused your misunderstanding.
What I mean is that when the prompt to enter the password appears, there is no need to enter the password or press Enter to continue running the command.
Is your agent supervisor password correct? → Yes. I have tried to run cytool in the standard way and entered the supervisor password, which is correct. Then I check my agent setting to comfirm it's same password.
Is your agent able to connect XDR cloud servers and showing as connected in XDR console? → Yes, It's connected to XDR Console
Can you perform checkin on agent console and see if it works? → It's works!
... View more
06-13-2023
11:12 PM
Hi @creddy
Thank you for your response.
My agent version is 8.0.1, and I also running the command with administrator privileges.
I tried both commands you provided.
Although they don't require pressing Enter during execution, there will still be a prompt asking for password input.
... View more
06-13-2023
08:20 PM
Hi @creddy ,
Thank for your response.
I try your command, it still getting prompt to enter password.
But it allows me to skip the situation where I need to press the Enter key to continue running.
... View more
06-13-2023
06:58 PM
Hi everyone,
I want to run Cytool reconnect on multiple computers,
I tried the following
echo <password>| cytool reconnect force
it works, but still displays "Enter supervisor password:", so you still need to press enter to let it continue running.
is there another way to pass the password to cytool via cmd? Or make it not display "Enter supervisor password:"
Thanks!
... View more
06-12-2023
08:31 PM
Dear Community,
After modifying the password for a Windows user, the user account is continually locked out. Using Process Monitor, it was discovered that the XDR service (cyserver.exe) read cached credentials(C:\ProgramData\Cyvera\LocalSystem\Python\payload\grpc\_cython\_credentials). At approximately the same time, the lsass.exe process began sending authentication information to AD. Therefore, it is likely that the user account was locked out as a result of reading cached credentials around the same time.
May I ask what is stored in this path? C:\ProgramData\Cyvera\LocalSystem\Python\payload\grpc\_cython\_credentials
Has anyone experienced a similar situation before?
Thanks.
... View more
05-29-2023
08:50 PM
Hi @PiyushKohli ,
Thanks for the information.
I'm trying to star some users, but not every starred user appears on my watchlist. May I ask why some of the starred users cannot appear on the watchlist?
Furthermore, I understand that selecting "Gained" as the sorting method shows the score gained within a custom timeframe. Therefore, selecting "Total" as the sorting method should show the total score after enabling ITDR, right? However, I not sure why some user scores become negative when I switch to "Total", I want to understand the reason behind this result.
Best wishes.
... View more
05-26-2023
01:52 AM
Hello everyone!
Recently, I have been learning about the Identity Analytics feature in Cortex XDR.
After enabling Identity Analytics, I found that not every tenant presents the same interface.
I found that the following UI features are not identical:
absence of a Risk Management Dashboard
less information displayed in User Risk View (e.g. Regular Activity Hours artifact info, Actual activity...)
no Asset Roles Configuration(Asset → Asset Roles Configuration).
no Host Risk View
I checked some official documents, it seems to be caused by the Identity Threat Module not being enabled.
I’m a little confused about a few points:
So enabled Identity Analytic does not represent the Identity Threat Module is enabled?
To fully enable the Identity Threat Module, we not only need to enable Identity Analytics in Cortex XDR but also need to activate the Cloud Identity Engine, right?
About Risk Management Dash Board, I check the document about Metrics Widgets. Regarding the description of "Top 5 Users at Risk" and "Watchlist" in Widgets, both are about users who are most vulnerable to potential security threats. I would like to know more about the differences between them.
In User Risk Card, "Login Attempts" and " Latest Authentication Attempts", i t seems that both display login information, including src_ip, dst_ip, and vendor. I would like to ask for more information about the differences between the two.
Perhaps someone can help me clarify the above questions. Thank you all. 🙏
... View more
05-07-2023
11:26 PM
Hi all,
I try to run registry_get in the action center, but always fails to run.
I check the administrator guide
and learned that doesn't seem to work when running specific hives (e.g. / HKEY_CURRENT_USER/ )
So I try to get some registry information in \HKEY_LOCAL_MACHINE\SYSTEM\Cyvera, the content of this script mentions support for accepting registry paths starting with 'COMPUTER\\', but no matter if I add "COMPUTER\\", the final execution result is a failure, then the exception logs all show the following:
Syntax error when running function ' run ' in script:
Traceback (most recent call last):
File "script_execution.py", line 463, in _execute_script
File "C:\ProgramData\Cyvera\Administrators\Temp\payload_execution\26caf6\script.py", line 27, in run
with winreg.OpenKey(map_key(registry_hkey), registry_key_path) as key:
File "C:\ProgramData\Cyvera\Administrators\Temp\payload_execution\26caf6\script.py", line 61, in map_key
return eval(f"winreg.{hkey}")
File "<string>", line 1
winreg.
^
SyntaxError: unexpected EOF while parsing
I would like to know what is the correct input method to execute this endpoint script (registry_get). Is there some sample input and running results for reference?
Thanks.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
09-27-2023
05:06 AM
|
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks