Cortex XDR Discussions

IoC Source Reliability Basis

Hi Team,

On what basis this Reliability level is classified on Cortex XDR

Thank you

BTP Exception not working for ps1 script

Hi Team - 

I've created a Legacy Agent Exception Rule to prevent the Behavioral Threat Protection component from blocking a specific (and legitimate) .ps1 file on my network (within a specific user profile), but Cortex keeps blocking the script.

The

User Message on IOC trigger

Hi,

We have enabled user notifications in agent profile settings, when an event like malware detection occurs it is displayed to the user immediately. However, it does not show a notification for an IOC. Can we make a message appear for an IOC even

Automatic endpoint isolation after an unauthorized attempt to delete an agent.

Hi. Maybe someone know, if there is such an opportunity to create a rule that will automatically isolate the hosts on which attempts have been made to remove the agent in a non-traditional way?

RedHat 8/9 XDR client count limited

As I have added clients to my XDR Linux group I have seen a situation where I hit a limit on client count (under 20 BTW). After I have them all added there will be 2 or 3 missing. If I restart the process on a missing client, that one immediately app

[Cortex XDR] Are there any How-To video recordered about Windows Event Collector applet for the broker VM?

Dear, 

Following the acquisition of the Pro license for GB to collect Windows logs from domain controllers, I saw documentation regarding the configuration of the Windows Event Collector applet from the Broker VM.

However, I was wondering if there

Cortex Broker Mapper scans

We’re experiencing an issue with Cortex brokers related to the network mapper.
When we run network scans using the "ICMP Echo" flag, the scan completes successfully and everything works as expected.

However, when performing a "TCP SYN" scan on the foll

XDR Analytics Data source

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Analytics-Alert-Reference-by-data-source/BitLocker-key-retrieval https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Analytics-Alert-Reference-by-data-source/Exchange-mailb

Cortex XDR- Compromise Assessment

Hi, we recently moved to Cortex XDR, and I’m struggling to run a forensic script (such as AmCache) across 100 endpoints. I need to have all the results automatically combined into a single Excel sheet after the script finishes, similar to how Fidelis

Requesting Cortex XDR Demo

How can I get a cloud demo for Cortex XDR? I’ve tried requesting one, but I haven’t received any email back from Paloalto.

https://www.paloaltonetworks.com/cortex/request-demo 

Cortex XDR 

Cortex XDR-Agent failed to generate support File - Error 13 - Error 109

Greetings,

when trying to create a Support File via Agent-GUI or CMD on a Windows Client, the Operation either crashes the Agent-Service (GUI) or Outputs the Error shown in attached Screenshot.

- Disk-Space on Client is >100GB

- Connection to Cor

XDR CIE

How is CIE configured in XDR MSSP? Is it only on the parent and then shared to child tenants or can it be configured differently on each of the child tenants?

Installing Cortex Agent on Linux LXD

Hello everyone,

I am looking to install the Cortex Agent on a Linux system within an LXD container. Does anyone have insights or a step-by-step guide on how to install the Cortex Agent in this environment?
Additionally, is Cortex officially supported