The Cortex XSIAM release includes the following known issues:
Issue ID | Description |
---|---|
EXPANDR-10012 | On the Threat Response Center page, the Total Active Critical/High Alerts on All Threats link displays alerts of all severity levels. This issue impacts customers with the Attack Surface Management add-on module whose tenant was created before July 14, 2024. |
EXPANDR-10350 | On threat details pages in the Threat Response Center, clicking on the Unassigned user in the Active Incidents by Assignee widget opens the Incidents page with an incorrect number of incidents. This issue impacts customers with the Attack Surface Management add-on module whose tenant was created before July 14, 2024. |
EXPANDR-10351 | On threat details pages in the Threat Response Center, the All Incidents for this Threat button opens the Incidents page with an incorrect number of incidents. This issue impacts customers with the Attack Surface Management add-on module whose tenant was created before July 14, 2024. |
CPATR-25409 | In some cases, when the XDR Collectors is installed on a Linux platform, the XDR Collectors fails to register due to an incorrect operating system version. As a workaround, remove the |
CPATR-20105 | When performing an XDR Collectors installation or upgrade in Linux using a shell installer, the mount -o remount,exec /tmp Note: The |
CRTX-67376 | Users with dataset role-based access control (RBAC) permissions can view already-created correlation rules using the data model on the Correlation Rules page, but can’t create or edit them. When users view the alerts for those rules, they can see neither the relevant pivots, nor the rule itself. |
CRTX-57553 | When setting up the Broker VM on Google Cloud Platform (GCP) and a GCP image is imported using the G Cloud CLI, the following command fails.
Until this is resolved, use the following command as a workaround.
|
CRTX-41336 | A Database Collector applet on a broker VM that is deployed in a Cortex XDR FedRAMP environment cannot connect to MySQL and MSSQL. |
XDR-55313 | When exporting a Restriction type profile with custom indicator rules and then importing those back, the rules are no longer available. |
N/A | Currently, the Cortex XSIAM product URL contains the |
CPATR-15036 | Cortex XSIAM only supports stitching login Windows Event Logs into stories for a Windows 8.1 or later machine. |
XDR-30122 | When your XQL query includes a filter with a result that is an exponential number, the filter sometimes does not work as expected, including not returning any results. |
XDR-29691 | Cortex XSIAM calculates CVEs for applications according to the application version, and not according to application build numbers. |
XDR-21780 | Backwards scan is not supported when generating a BIOC from the Native Search. |
CPATR-10766 | After a Microsoft Windows patch (KB) is uninstalled from the endpoint, the Cortex XDR agent continues to report this KB to Cortex XDR. As a result, the CVEs list for the endpoint in Vulnerability Management cannot be updated to include the CVEs addressed by the uninstalled KB. |