diff --git a/nxc/modules/enum_av.py b/nxc/modules/enum_av.py
index 53f14667b..d2854ffda 100644
--- a/nxc/modules/enum_av.py
+++ b/nxc/modules/enum_av.py
@@ -247,6 +247,14 @@ def LsarLookupNames(self, dce, policyHandle, service):
 "services": [{"name": "CSFalconService", "description": "CrowdStrike Falcon Sensor Service"}],
 "pipes": [{"name": "CrowdStrike\\{*", "processes": ["CSFalconContainer.exe", "CSFalconService.exe"]}]
 },
+ {
+ "name": "Cortex",
+ "services": [
+ {"name": "xdrhealth", "description": "Cortex XDR Health Helper"},
+ {"name": "cyserver", "description": " Cortex XDR"}
+ ],
+ "pipes": []
+ },
 {
 "name": "Cybereason",
 "services": [
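Review bot: The description for the `cyserver` service in the added Cortex entry starts with a stray space (`" Cortex XDR"`), which will carry through to wherever the description is displayed; the line should read `{"name": "cyserver", "description": "Cortex XDR"}`. The entry also sets `"pipes": []`, whereas the neighbouring CrowdStrike entry lists a pipe pattern, so this product is matched on service names only. A short comment such as `# no pipe entry for this product; matched by service name only` would show that the empty list is deliberate. The list holding these entries starts and ends outside the hunk, so how an empty `pipes` list is consumed cannot be confirmed from here.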