Unified Inventory

Hello,

I have come across references to 'Unified Inventory' in the documentation for XSIAM, Xpanse, and Prisma Cloud. Could anyone please clarify if this is a single offering from Palo Alto Networks or specifically from Cortex? Alternatively, do thes

Multiple Paths in Disable Prevention Rules

Hello
Is it possible to specify multiple values while creating prevention rules exception for one "application" ? If so what is the schematics of adding those ?
Especially in path section. As if application has multiple location paths for its different

how frequently XDR will push logs to Cortex?

Hi, 

how frequently XDR will push logs to Cortex? We have application it will write logs 400k per sec and log rotation setup like if file size is 50 MB it will compress the file and zips it. due to this we are missing logs in cortex xdr.

can you plea

Application WhiteListing

I have an application that needs whitelisting.

Actions Done:

Add to Allow List

Add to Malware Profile, under specific module that triggered alert/incident.

It is still showing up in incidents when executed. Any idea what could be going on?

Parallel tasks in a playbook

I'm trying to find some useful learning resources on playbooks and I've watched the standard Youtube training videos, but I've seen some playbooks that do parallel task operations, like this

and I'm trying to understand what happens when those tas

Newbie question - how to write an array to a file in the context so I can send with O365 email integration

I have an array of hostnames, which I want to then turn into an attachment and then send by email using the O365 integration.

If I put ${array} into the body, it will loop and send an email for each element of the array. If I do ArrayToCSV, it then j

Reindex Specific Tenant

Hi, i want to restore index in a specific tenant. I will use this parameter but idk if i write -restore-index-name=demistoidx, is it true?
-restore-index-name=indexName

How to join slack {{#demisto-developers }} channel

Hi,

I registered my account and received an email with following content:

Join the Slack workspace Cortex XSOAR DFIR Community now to start collaborating! by clicking here or the button below.

However, the link seems expired and I got following

Tons of receptivity.io

I recently see a lot of my end machine shitting this domain: receptivity.io

Started (I dunno even know, a week ago?) My logs can no longer go far enough back to figure it out.

Cause I dunno, MS edge new tab? To hopefully remove the log entries I

AMSI Byte Array Scanning

Does anybody have a solution similar to Defender for Endpoint for using AMSI programmatically to scan incoming files? Essentially, we have a requirement to scan incoming files that are scanned prior to being sent along to their next hop. This all occ

Help playbook XSOAR - XDR assest and vulnerability module

Hi,

I am creating a playbook with the objective of integrating Cortex XSOAR and Cortex XDR. 

The idea is for Cortex XSOAR to query Cortex XDR , retrieve all the assets detected by the broker scanner, and verify which assets do or do not have the XDR