Cortex XDR Discussions

XDR Multi tenant MSSP Add on Modules

Does anybody have any details on how add on licenses (eg, Forensics,Host insights, ITDR etc) work within a Multi tenant XDR environment? Does the add on license automatically apply to all child tenants or does it have to be assigned? Does everything

Unpatched Vulnerabilities Protection

Hi,

I see this written in Unpartched vulnerability protection module section "Modify system settings temporarily as a workaround to protect unpatched endpoints from known vulnerabilities".

I have searched but found no details regarding this, can anyo

Any way to scan for specific Registry DWORD entries with a value of 1 under a targeted Hive?

Im trying to figure out how to write a script to search for the DWORD values of "State" and "RefCount" that = 1 in the sub folders (profiles) in the hive: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList Then show the hostn

Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

TLDR; Cortex dashboard shows EOL agents on Windows machines but upgrades fail, uninstalls fail, and Cortex is not showing as an installed program. However, Cytool can be disabled/enabled.

-----

We have a few machines with outdated agents. Using the C

SLS is required for Ingesting NGFW logs?

Hello all,

I have Pro per GB in my Cortex XDR and wish to gain more visablity in Network.
Is it compulsory to have Strata Logging Service license in order to make this works?
does Strata Logging Service license comes with my Firewall subscription or do

NGFW alerts to Cortex XDR

Hi team,

I have a technical cuestion but could not find the answer in the documentation.
I assume that to ingest NGFW alerts into Cortex a Pro Per GB license is needed. The cuestion is: Is there any way to configure the ingestion of the panw_ngfw_thre

Process Explorer Triggering Cortex XDR Alert – Clarification Needed

Hi,

When our system administration team uses Process Explorer (Microsoft version), Cortex XDR  does not block the execution, but it generates alerts/incidents.

Alert Details:

• Alert Name: Impair Defenses - 3645069560

• Description: A tampering-capable

XDR 7.6.1 seems to ignore exception

Hi, Cortex XDR Local Analysis Malware module stops a process called "ClientConsole.exe" (I guess it's a false positive)

I've created a global exception for that issue and checked-in client but XDR still blocks this executable.

In client log I read th

[Cortex] How to Block Multiple C2 IP Addresses Using Cortex XDR

Dear Everyone,

My customer has a requirement: they would like the Cortex XDR Agent to detect and block multiple specified C2 IP addresses.
I would like to ask if anyone has encountered a similar case or has any relevant experience to share.

Currently,

Cortex xdr agent distributed network scan

Hi Team,

We have enabled the Cortex XDR agent's distributed network scan, and we are getting successful results in the XDR Management Console. Our question is: Which port is used by the XDR agent to identify unmanaged assets

bulk broker vm modifications

Hello,

we did a tenant migration and for some reason a lot of broker VM settings are still pointing to the old one.

We were wondering if it was possible to change the settings for it in bulk.

Thank you for your inputs.

Cortex XDR Get Incident API function 'hosts':None

I'm currently testing the api for Cortex XDR, in particular the 'get_all_incidents' function under '/public_api/v1/incidents/get_incidents' url.

Reference : https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-all-Incidents

While test