Forensics on deleted files on Endpoint
Need to know if XDR has the capability to perform forensics on an endpoint if a user deleted any files on the computer. If so, how would you go about performing this task?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
We're currently receiving email notifications when an agent version goes EOL, however we don't seem to be notified when a new Cortex XDR agent is released and available for creating installation packages. I also can't seem to find a link or method to
...
Hello
I'm looking for an automatisation, where I'm able to download the freshly created xdr-distribution-file.
In my Playbook I've created following steps:
xdr-get-distribution-versions
xdr-create-distribution
xdr-get-distribution-url
Now, the last step
...
Any other format to create reports in Cortex XDR other than PDF, like PPT or Word format as in PDF not able elaborate properly
any can help better for customer understanding.
Based on what parameter is Cortex XDR removing endpoints under endpoint administrative cleanup?
E.g. if we choose hostname, then will it remove the hostname found first or will it delete the hostname XDR found last checked in?
And if we have 2 mac addresses a
Hello dear community,
Since some days, my alert exclusions do not work anymore and the alerts are popping up. Now I noticed the quotes in the target process cmd.
powershell.exe -command --> before
"powershell.exe" -command --> from now
What has
...
I don't really understand the logic behind PATHFINDER. I installed Broker VM and configured Pathfinder. But I cannot see anything in Pathfinder Collection Center. I cannot find answers to my questions in the documentation. Can anybody please explain about
...
The status of the findings in the incidents overview is currently no longer updated. In the quick view, I see the change, e.g. 'Benign', but the entry in the 'Key Assets & Artifacts' shows still the initial classification. This behaviour has been goi
...
Hi,
Is Cortex XDR supported on AS400 servers?
Kindly provide documentation related to it.
Thanks
Hello,
1. Can we please know the recommended procedure to change the default password for agents.
2. Is it possible to change the password for particular endpoints?
3. Will there be any operational issues or impacts if we perform this activity?
...
Hi all,
I get the data with Cortex XDR API. I couldn't find which field the Activity Time field matches. The closest results are event_timestamp and detection_timestamp, but not all of them are correct.
XDR allows you to auto upgrade agent to any of the below:
Latest agent release
Only maintenance release
Only maintenance release in a specific version
Upgrade to a specific version
I want to check what exactly "Latest agent release" means?
Accor
...
Dear All,
Product - Cortex XDR Pro
I no longer can generate Reports from the Reports Templates.
The last successful reports were generated on 17-Jan-2023 08:00.
A "Report Generation Failure" was prompted at the Notifications section.
Not sure if
...
Hello dear community!
As you know, there are sometimes changes (computer names, domains, etc.) on the endpoints.
And now there is also a cortex version from PA, which has the problem too "kicking" out the endpoint from the endpoint group (not rea
...