Bloodhound detection
Does anyone know what ways exist in Cortex XDR to detect if someone is running BloodHound?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by letting them view all the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.
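One way to start hunting for the activity asked about above, added here as an example that is not part of the original post, of Palo Alto Networks documentation, or of any Cortex content pack. It matches the default SharpHound/BloodHound collector binary names, the v2 command-line flags, the PowerShell `Invoke-BloodHound` loader, and the default `*_BloodHound.zip` output archive. Field and enum names follow the `xdr_data` schema as the editor understands it; verify them against your tenant's schema before promoting the query to a correlation rule.

```xql
// Added example (not from the original post or from Palo Alto Networks):
// hunt for BloodHound/SharpHound collector activity in endpoint telemetry.
// Assumed field/enum names come from the xdr_data schema; check them in your
// tenant before relying on this.
dataset = xdr_data
// Stage 1: process starts of the collector binary, or command lines carrying
// its well-known flags / the PowerShell loader; OR the collector's default
// output archive being written to disk.
| filter
    (event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START and (
        lowercase(action_process_image_name) in ("sharphound.exe", "bloodhound.exe", "azurehound.exe")
        or lowercase(action_process_image_command_line) contains "sharphound"
        or lowercase(action_process_image_command_line) contains "invoke-bloodhound"
        or lowercase(action_process_image_command_line) contains "--collectionmethods"
        or lowercase(action_process_image_command_line) contains "--zipfilename"))
    or (event_type = ENUM.FILE and event_sub_type = ENUM.FILE_WRITE
        and lowercase(action_file_name) contains "_bloodhound.zip")
// Stage 2: keep the columns an analyst needs to triage who ran what, where.
| fields _time, agent_hostname, actor_effective_username, event_type,
    action_process_image_name, action_process_image_command_line, action_file_name
| sort desc _time
| limit 100
```

Treat the hits as a triage list, not a verdict: the name and file matches only catch the collector in its default configuration, so a renamed binary, a changed `--ZipFileName`, or an older v1 build (which used `-c All` rather than `--collectionmethods`) will slip past the string matches. The behaviour that is hard to hide is the burst of LDAP and SMB session enumeration against the domain from a single non-DC host, so use this query to confirm a lead rather than as the only detection.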
Hi,
For our SOC report, we want to have this table with the average statistics of last week's monitoring, including average time to assign, time to respond, etc. Is there a way to extract these timestamps from the incident's timeline in XQL and ther
...
Hi team,
Does anyone have an XQL query that sends the log when I add a user to a group in Active Directory?
Wondering if we have any IOCs, settings, or content updates to find and/or inoculate against the PoorTry kernel-mode Windows driver. It's incredibly potent and resistant to defensive measures.
Latest article on it: PoorTry Windows driver evolves into
...
Hi team,
May I know what the minimum purchase quantity is for Cortex XDR (Prevent and Pro) NFR?
Also, will a Cortex XDR NFR quotation consist of only one line item, with no need for any support SKU?
Thank you in advance!
I have an issue when trying to update users to the latest version of Cortex. The Control Panel shows that Cortex is not installed, but the Cortex icon shows up in the system tray and I can access the console from there. When I run the uninstall tool t
...
Hi all,
On one of our PCs we can't uninstall version 7.3.1.20981 of Cortex XDR.
When we try to uninstall the program, a popup appears with the warning "Cortex XDR only supports per-machine installation" and the uninstall process fails.
Cortex X
...
Would anyone else find it beneficial to have version control for rules made in XDR?
I feel like in theory it would be a reasonable lift to incorporate version control for changes made to custom correlation rules, for example.
Hello, can I find out the Cortex XDR agent version by querying a Windows registry key? If so, where is it located?
Hi all.
I want to create a multi-line graph, and I can create it. But my XQL query is too long and involves too many manual operations.
Do you have a good idea for creating a multi-series line graph (a shorter one)?
Example (Just example. There are no Confide
Question
I want to replace the _time field value with the original timestamp, but I cannot find a way to do this.
Please tell me how to replace the _time field value, or is this not possible due to specifications?
Background
When we collect logs from XDR Collector
...
Hello,
I need information about these Cortex agent capabilities, as far as I can understand:
- Is the agent used as a probe to detect machines without the agent installed? If so, what information is obtained (host name, IP, MAC)?
- Network Location Config
While installing Cortex XDR I am facing this issue:
"Installation directory should be accessible for user traversing make sure all directory components have at least : ------x--x "
Hello,
I'm trying to allow a program; after whitelisting it, it is still blocked. Do I need to modify another rule to allow it?
Hi,
Prior to the release of the Cortex feature update, were IPv6 endpoints not supported by Cortex XDR? Have any new IPv6-related components been added?