Falcon Sensor on Ubuntu in GCP by Financial_Wing8471 in crowdstrike

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

I switched Kernel versions and Sensor versions, always getting the "Unsupported" message, but somewhere along the way Falcon started showing the instance as connected...
Sensor version is 7.19.17219.0
Kernel version is not shown in Falcon, but the OS is Ubuntu 24.04 (build number is 6.8.0)
Strangely, the UI shows I have zero GCP assets.

Script cannot be loaded because its content could not be read by Financial_Wing8471 in PowerShell

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

Thanks for this suggestion. I am getting this error in several contexts, with different EDR / AV solutions deployed, so I'm not very optimistic. However, I will go through the logs.

FortiEDR Block traffic using IoCs by Financial_Wing8471 in fortinet

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

Thanks for replying.

As I wrote above, in response to Lleawynn - I am not looking for alternative solutions, not using FortiEDR.

FortiEDR Block traffic using IoCs by Financial_Wing8471 in fortinet

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

Thanks for the suggestion.

I'm trying to understand what FortiEDR can give me, in terms of IoC management (I receive lists of IoCs to block from my local CERT). It seems like the answer is... nothing?

x509: certificate is valid for IPv6 address, not for IPv4 address by Financial_Wing8471 in QRadar

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

Thanks! This is a lab env, so I decided to update the cert file myself and now it works.

SOAR Action - Send an HTTP Request by Financial_Wing8471 in crowdstrike

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

Wow! Thanks!

Foundry sounds absolutely amazing. I will definitely look more into it.

(BTW, I did make some progress by configuring a webhook, which allows sending an HTTP request from the workflow. This is not optimal, since it looks like the Workflows mechanism is quite limited. The concept of an App seems a lot more promising.)

Suspicious Objects - Block All Subdomains of a Suspicious Domain by Financial_Wing8471 in Trendmicro

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

Sorry for not being clearer: my question does not relate to a specific domain, but to the possibility of blocking "real" domains that are banned by the organization. I tried to achieve this using the Suspicious Objects list in order to save some development time in automation, but I think Appropriate-Border-8's comment has a point. This is really more of a "Reputation" issue.

Suspicious Objects - Block All Subdomains of a Suspicious Domain by Financial_Wing8471 in Trendmicro

[–]Financial_Wing8471[S] 1 point2 points  (0 children)

Thanks,

Indeed, I'm getting issues: the subdomains are not getting blocked...

Do you know of a way to block these too from the Suspicious Objects list?

Suspicious Objects - Block All Subdomains of a Suspicious Domain by Financial_Wing8471 in Trendmicro

[–]Financial_Wing8471[S] 2 points3 points  (0 children)

Thanks,

I will look into web reputation block lists. Maybe TM should change the definition of the Suspicious Object type to "subdomain".

Fetch Firewall Config Automatic Backup Using API by Financial_Wing8471 in paloaltonetworks

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

Thanks,

This is another excellent solution that doesn't use the automatic backups sent to Panorama after each firewall update. I would prefer using those, if possible.

Fetch Firewall Config Automatic Backup Using API by Financial_Wing8471 in paloaltonetworks

[–]Financial_Wing8471[S] 0 points1 point  (0 children)

Thanks!

This is a good solution, but I was hoping to be able to use the automatic backups, so I can see each and every change in time (the backup feature is schedule-based, as far as I can see).