Discussions
Check out LIVEcommunity discussions to find answers, get support, and share knowledge related to Palo Alto Networks tools and products.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Discussions
Check out LIVEcommunity discussions to find answers, get support, and share knowledge related to Palo Alto Networks tools and products.

Browse the Community

General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

24395 Posts

Custom Signatures

The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.

176 Posts

VirusTotal

Have you encountered a false positive verdict for Palo Alto Networks (Known Signatures) on VirusTotal? Use this forum to submit a verdict change request. Change requests should include the File Hash, Link to VirusTotal report, current VirusTotal verdict, and description.

802 Posts

Network Security

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to all things Network Security.

5185 Posts

Cloud Delivered Security Services

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Palo Alto Networks’ Cloud Delivered Security Services.

654 Posts

Secure Access Service Edge

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Prisma Access and Prisma SD-WAN.

573 Posts

Security Operations

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

4590 Posts

Activity in Discussions

XSOAR 8 Commercial SaaS/ Govt Cloud to Microsoft Sentinel GCC High Integration

Hi everyone, I am evaluating the integration between Cortex XSOAR 8 (Commercial SaaS / Government Cloud) and Microsoft Sentinel, which is deployed within a GCC High environment. I have the following queries: 1. CONNECTIVITYI noticed that the Microsoft Sentinel integration in XSOAR provides a "US GCC-High" option under the Azure Cloud dropdow...

I can't perform a dynamic update on the PA-460

Hi,When I ran “Device > Dynamic Updates > Check Now” on the PA-460, the following error was displayed.Failed to check Content upgrade information due to an invalid SSL peer certificate or SSH remote key. Please check network connectivity and try again. Failed to check IoT upgrade information due to an invalid SSL peer certificate or SSH re...

Replacement of RMA

We received the replacement firewall against RMA 03878548 and would like to hand over the old firewall device. Could you please confirm: Whether the old device needs to be returned. Return shipping address and contact details. Any shipping label or AWB that needs to be used. Whether any accessories (power supplies, rails, etc.) should be return...

XQL to get details of endpoint connection time

Hello Team, I need to create a report in Cortex XDR to identify endpoint connection activity within a specific time window. The requirement is not to know when the endpoint was first registered in Cortex, so `first_seen` does not apply here. What I need is to identify: 1. Endpoints that changed from DISCONNECTED to CONNECTED during the selected ...

SD-WAN plugin: push preview shows existing tunnel interfaces and loopback as deleted. Is this normal behavior?

Hi all, sanity check needed. Standalone Panorama, SD-WAN plugin 3.2.2-h1, existing mesh cluster with two sites (two HA pairs) running fine in production. This weekend I onboarded a third site into the existing cluster. Commit to Panorama went fine, but before pushing, Preview Changes on the two production sites showed all the auto generated ...

FKahoul_0-1783331384698.png

Prisma Browser Beyond Has anyone used this?

Hello Team, The Prisma Browser Tech Docs mention the Prisma Browser Beyond feature, and it appears you enable it in SCM via PB -> Policy -> Rules -> Browser Customization -> Prisma Browser Desktop Extender; however, it is not visible in my SCM, which is currently running on Eval. Has anyone used this feature before? Referenc...

SangHoonLee_0-1783320580221.png

XSIAM Hash Search for WildFire

Hi, I wanted to know if there is a way or any api paths to be able to query for hashes for the WildFire Reports- Basically, achieving this capabilities but using API and not from GUI, I couldnt find anything that matches this in their - public_api/v1

Bar_Magnezi_0-1783313263756.png

Resolved! Cortex XDR agent protection after 90 days of inactive

Hello Everyone. I need your opinion to this topic. What will happen to the agent protection for the endpoint after 3 months of inactive. Correct me if im wrong. Cortex XDR agent will delete permanently from management console and database after default deletion which is 90 days. if i enable all the module in day 1 for an endpoint, then af...

Open Telemetry - OTLP

Has any XSIAM tenant had a plan to utilize OpenTelemetry Collectors to populate data into a VM Broker or any other method to utilize logs sourced via OTLP? Technically could convert the OTLP to syslog out to VMBroker but not sure yet what is lost in that.

Urgent need of help trying to reach tech support without a case #

I have a PA-820 but I can't create a ticket because I can't get past the account activation. I'm stuck in a loop because my device serial number doesn't match my customer ID for some reason. Our workforce is without network due to this device and I can't get past the internet to get actual help. How can I talk to a human at Palo Alto to get ...

no incidents generated since May 20?

Our Cortex XDR instance stopped generating incidents when detecting malware and other threats. (Somewhat similar to "Cortex XDR - Blocked Hashes on newer systems do not show in Incidents" - except in our case, this is across the board on all devices, for all threats and behaviors.) (If we initiate a malware scan on the affected device, an incide...

Resolved! Cortex XDR and Microsoft Defender Coexistence and Performance

Hello Cortex XDR Community,We recently were asked to have official guidance regarding the coexistence of Cortex XDR Agent and Microsoft Defender on Windows endpoints. My questions to the community and experts is: - Is the coexistence of Cortex XDR and Microsoft Defender Antivirus officially supported? - Is the coexistence of Cortex XDR and Micr...

Captive portal reauth

Im using captive portal in Palo Alto and each 3-4 hours i receive this: I need to reauth. Why is happening this? any timeout o cookie? where should i check?

Captura de pantalla 2026-07-02 132032.jpg
BigPalo by L4 Transporter
  • 76 Views
  • 2 replies
  • 0 Likes

Resolved! Orphaned Cortex XDR Agent enforcing USB read-only on personal laptop

Hello, I have a personal Windows 11 Pro laptop with Cortex XDR Agent 9.2.0 installed. The agent is no longer connected to any management server and the GUI shows: Connection: No connection to server However, Device Control is still active. Every time I connect my Samsung T7 Shield external SSD, I receive the notification: "Cortex XDR | Device Co...