02-13-2025 10:27 AM
Hi,
I have a question. I'm seeing XDR events with "Memory Corruption Exploit" generated by the XDR Agent... Cortex XDR
I know this typically happens when users open a DOCX file with macros. My question is: Is there a way to collect information related to the macro?
I'm asking because, in the artifacts, I only see the initiator "WINWORD.EXE", but not the actual file.
My goal is to capture this information or understand how I can retrieve it to enrich Cortex XSOAR and improve analysis results
02-17-2025 02:08 AM
Hello @tlmarques ,
Regarding the Memory Corruption Exploit, you will need to contact TAC. They will collect the necessary logs and provide a Support Exception based on the FVHash. If you are seeing these alerts frequently, TAC can also help with the Root Cause Analysis (RCA), which you can leverage in XSOAR.
Also check if you have "Qi An Xin" (QAX) as we have compatibility issues.
If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
