Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

LSA Protection and antimalware DLL loading

We currently have deployed LSA Protection and code integrity in Windows 11 (build 24H2).

Cortex XDR agent 8.6.0 is installed. When trying to load a DLL from another security tool (Ivanti Device and Application Control), Code Integrity is blocking the

...


Unable to retrieve downloaded exes

Hello everyone,

I was trying to check all the exes downloaded via the firewall on all the endpoints in the past 24 hours. I tried retrieving all downloaded exes in the Downloads folder with the help of the query below.

dataset = xdr_data
| filter event_type =

...
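As an added illustration of the approach the post above is taking (this is not the poster's query and is not from the original page), the XQL below lists .exe files created under a path containing "downloads" during the last 24 hours. It assumes the standard xdr_data schema: ENUM.FILE / ENUM.FILE_CREATE_NEW event types and the action_file_*, actor_process_* and agent_* field names; verify those against the dataset schema in your own tenant before relying on it.

```xql
// Added example, not from the original post. Assumes the standard xdr_data
// schema (event_type/event_sub_type enums, action_file_*, actor_*, agent_*).
config timeframe = 24h
| dataset = xdr_data
| filter event_type = ENUM.FILE
    and event_sub_type = ENUM.FILE_CREATE_NEW
    and lowercase(action_file_extension) = "exe"
    and lowercase(action_file_path) contains "downloads"
| fields _time, agent_hostname, actor_process_image_name,
         action_file_path, action_file_sha256
| sort desc _time
```

The actor_process_image_name column tells you which process (typically the browser) wrote the file, and action_file_sha256 gives a hash you can pivot on across endpoints. The path match is deliberately loose (any path containing "downloads"), so tighten it if your environment has other folders with that name.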

USB drive Alert

Kindly, we need your support. I want to get an alert when a USB drive is connected to a workstation and is not blocked by Symantec AV.

I have tried several times with a correlation rule. I found an XQL query that is very effective, and it is as follows:

config
...

Disable notification in user agent

Hello,
I have an exception rule on a file that is being applied correctly. The file executes because of this exception, but in the user agent you get a warning that an unusual activity has been encountered or that a malicious activity has been encount

...

Forensic investigations for Linux platform

The Forensic investigations feature in Cortex XDR truly impressed me; it saves me a lot of time collecting evidence during investigations. But why does Cortex XDR only support Forensic investigations for two platforms, Windows and macOS? Windows is c

...

Install Cortex Agent on on-prem k8s

Hello, 

Does anyone have experience installing the XDR agent on an on-prem cluster with Docker installed?

The agent compatibility matrix mentions that XDR version 8.6 is supported:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matr

...


Unable to install Cortex XDR agent!

We are encountering an error during the installation of the Cortex XDR agent on one of the machines.

"Cortex xdr requires rollback/Commit to be enabled"

Could you kindly provide the solution to resolve this issue?

Posted by AAlsaadi (L1 Bithead)