Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 78 Views
  • 0 replies
  • 1 Likes

XQL query for incident report

I'd like to get a hint on how I can build a simple XQL query for incidents over a time frame. I need to filter that data into the kind of report that I can show, for example, as a monthly report for a customer, where there is data for each day.

T.Nurmi by L0 Member
  • 454 Views
  • 3 replies
  • 0 Likes

Disable notification in user agent

Hello,
I have an exception rule on a file that is being applied correctly. The file executes because of this exception, but in the user agent you get a warning that an unusual activity has been encountered or that a malicious activity has been encount

...

Impossible to uninstall Cortex XDR

Hello,

Because of my previous work, I had to install Cortex XDR to work remotely from home and access the VPN.

Now that I'm no longer working for them, I would like to uninstall Cortex XDR from my laptop (MacBook Pro M2) but it is impossible. I

...

Rixals by L2 Linker
  • 1005 Views
  • 22 replies
  • 0 Likes

Agent stops because of full storage

Hi,

We recently encountered an issue where an XDR agent stopped functioning, and all protections were disabled (except for tamper protection) due to a full temp folder. Has anyone experienced a similar problem and identified the root cause or poten

...


FTP Transfer Custom BIOC

Hello Palo Alto LiveCommunity,

I'm currently working on a task where I need to create a custom BIOC (Behavioral Indicator of Compromise) and add it to a restriction profile to block FTP command lines. Specifically, I want to prevent FTP-related com

...
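As an added example (my own, not code from the post or from Palo Alto Networks), this is the kind of XQL query a custom BIOC rule for FTP client activity can be built on. It uses the standard process-start fields of the `xdr_data` dataset; the list of client binaries and the 7-day window are assumptions to adjust, and the field and enum names should be checked against the schema in your own tenant before the logic goes into a rule:

```xql
// Added example, not the poster's query. Matches process-start events where the
// started image is a known FTP/TFTP client, or the command line carries an ftp://
// URL (e.g. curl/PowerShell fetching over FTP). Client list is an assumption.
config timeframe = 7d
| dataset = xdr_data
| filter event_type = ENUM.PROCESS
    and event_sub_type = ENUM.PROCESS_START
    and (
        lowercase(action_process_image_name) in ("ftp.exe", "tftp.exe", "ftp", "lftp", "ncftp")
        or lowercase(action_process_image_command_line) contains "ftp://"
    )
// Keep the parent and causality chain: ftp.exe launched by cmd.exe from an Office
// macro is a very different finding from an admin running it interactively.
| fields _time, agent_hostname, actor_effective_username,
         actor_process_image_name, action_process_image_name,
         action_process_image_command_line, causality_actor_process_image_name
| sort desc _time
```

Run it in Query Builder first to see what it catches, since ftp.exe is also used legitimately by scripts and administrators, then carry the `filter` clause into the BIOC rule and attach the rule to the profile as the post describes. A command-line match like `contains "ftp://"` only sees what is on the command line; an interactive `ftp` session that types the host after launch is caught by the image-name branch, not the URL branch.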


Basic questions about host firewall

Hello dear community,

What is the correct setting for disabling the management of the host firewall through Cortex XDR? Why do I want that? Because I need to get the Windows firewall running through GPOs. Host firewall from PA Cortex is not suitable

...

RFeyertag by L4 Transporter
  • 174 Views
  • 1 replies
  • 0 Likes

LSA Protection and antimalware DLL loading

We currently have deployed LSA Protection and code integrity in Windows 11 (build 24H2).

Cortex XDR agent 8.6.0 is installed. When trying to load a DLL from another security tool (Ivanti Device and Application Control), Code Integrity is blocking the

...


Unable to retrieve downloaded exes

Hello everyone,

I was trying to check all the exes downloaded via the firewall on all the endpoints in the past 24 hrs. I tried retrieving all downloaded exes in the Downloads folder with the help of the query below.

dataset = xdr_data
| filter event_type =

...
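An added example (not the original poster's query and not Palo Alto Networks code) of how `xdr_data` file events can be narrowed to executables written under a Downloads folder by a browser and then rolled up per endpoint. The field and enum names are the standard ones for file events; the browser list is an assumption, and the path match on "downloads" is kept deliberately loose to sidestep backslash-escaping differences in string literals, so tighten it in your tenant:

```xql
// Added example, not the poster's query. New .exe files written under a Downloads
// directory in the last 24 hours by a browser process, one row per endpoint with
// the count and the list of paths. Browser list is an assumption; drop that clause
// to see every process that wrote an .exe there (installers, archivers, malware).
config timeframe = 24h
| dataset = xdr_data
| filter event_type = ENUM.FILE
    and event_sub_type = ENUM.FILE_CREATE_NEW
    and lowercase(action_file_extension) = "exe"
    and lowercase(action_file_path) contains "downloads"
    and lowercase(actor_process_image_name) in ("chrome.exe", "msedge.exe", "firefox.exe", "brave.exe")
// Roll up per host so one noisy endpoint does not swamp the report; the values()
// list gives the analyst the paths to pivot on without a second query.
| comp count(action_file_path) as exe_count,
       values(action_file_path) as files,
       values(action_file_sha256) as hashes
       by agent_hostname
| sort desc exe_count
```

If the result is sparser than expected, remember that Chromium-based browsers write the download as a temporary `.crdownload` file and rename it to the final `.exe` name at the end, so the create event may not carry the `.exe` extension at all; adding `ENUM.FILE_RENAME` to the sub-type filter and checking which path field carries the new name in your schema closes that gap. The hash column is what lets you match these rows against the firewall's own file logs for the "downloaded via firewall" part of the question.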

USB drive alert

Kindly, we need your support: I want to get an alert when a USB drive is connected to a workstation and is not blocked by Symantec AV.

I have tried several times with a correlation rule; I found an XQL query very effective, and it is as follows:

config
...

  • 2117 Posts
  • 82 Subscriptions