topic Re: How to keep cortex xdr in passive mode in Endpoint (Traps) Discussions https://live.paloaltonetworks.com/t5/endpoint-traps-discussions/how-to-keep-cortex-xdr-in-passive-mode/m-p/588865#M1151 <P>that should depend on what you mean by migration to CrowdStrike. EPP or EDR?</P> <P>Crowdstrike is cloud native EDR. The EPP is afterthought. Be more specific</P> <P>If you aren't going all in with the Cortex Pro (EDR/XDR), don't give up the Cortex "Prevent" (EPP) on the host. One informs the other.&nbsp; As long as its there you can always switch back. flipping the script so to speak and 2 sources of intel is better than 1. As former McAfee ATA Ive built the technology platforms in a few flavors but I personally like the Cortex Prevent EPP and Defender EDR (Passive). I like it for what it is.. Metrics for the crew and telemetry for troubleshooting. If i had a crew of analyst or at least one good one and some money id go all in on the Palo XDR platform. Shiny toys get dull if you cant or dont use them</P> Wed, 05 Jun 2024 18:45:49 GMT JohnSmith7732 2024-06-05T18:45:49Z How to keep cortex xdr in passive mode https://live.paloaltonetworks.com/t5/endpoint-traps-discussions/how-to-keep-cortex-xdr-in-passive-mode/m-p/588461#M1149 <P>Hello All,&nbsp;</P> <P>&nbsp;</P> <P>We are initiating the migration process from cortex xdr to crowdstrike, so can we put the cortex xdr in passive mode.</P> <P>&nbsp;</P> <P>Regards,</P> <P>Sakshi Seth</P> Fri, 31 May 2024 07:26:54 GMT https://live.paloaltonetworks.com/t5/endpoint-traps-discussions/how-to-keep-cortex-xdr-in-passive-mode/m-p/588461#M1149 Seth_Sakshi 2024-05-31T07:26:54Z Re: How to keep cortex xdr in passive mode https://live.paloaltonetworks.com/t5/endpoint-traps-discussions/how-to-keep-cortex-xdr-in-passive-mode/m-p/588865#M1151 <P>that should depend on what you mean by migration to CrowdStrike. EPP or EDR?</P> <P>Crowdstrike is cloud native EDR. The EPP is afterthought. Be more specific</P> <P>If you aren't going all in with the Cortex Pro (EDR/XDR), don't give up the Cortex "Prevent" (EPP) on the host. One informs the other.&nbsp; As long as its there you can always switch back. flipping the script so to speak and 2 sources of intel is better than 1. As former McAfee ATA Ive built the technology platforms in a few flavors but I personally like the Cortex Prevent EPP and Defender EDR (Passive). I like it for what it is.. Metrics for the crew and telemetry for troubleshooting. If i had a crew of analyst or at least one good one and some money id go all in on the Palo XDR platform. Shiny toys get dull if you cant or dont use them</P> Wed, 05 Jun 2024 18:45:49 GMT https://live.paloaltonetworks.com/t5/endpoint-traps-discussions/how-to-keep-cortex-xdr-in-passive-mode/m-p/588865#M1151 JohnSmith7732 2024-06-05T18:45:49Z