Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4346 Views
  • 0 replies
  • 3 Likes

Application Fingerprinting

Hello Community, I want to understand if application fingerprinting can be achieved in cortex. If yes, what is the approach of achieving default block for all the unknown application. Thanks and Regards.

Dead Space

This has been bothering me for a while. Look at all this useless space that is taken up now! 1/3 of the screen is useless. I wish I could scroll it away, but we are forced to deal with it. The information I need to actually review is even further down in the bottom 40% of the screen.


dataset xdr_data field auth_outcome_reason codes table

We often see entries in dataset xdr_data where auth_outcome = "FAILURE" and auth_outcome_reason contains a code number (e.g. 14, 18, 25, …). It seems that these codes are PAN internal and I could not find a table explaining where these codes come from and what they mean. Does anybody know the explanation of these codes? Thanks

atschopp by L0 Member
  • 167 Views
  • 1 replies
  • 0 Likes

Is there an API to add IPs to Cortex XDR EDL programmatically?

Hi community, I'm looking for a way to programmatically add IP addresses to the Cortex XDR External Dynamic List (EDL) via the XDR public API — ideally using a Python script. Currently, I can see that the EDL is referenced in the Audit Log API as an AUDIT_ENTITY value, but I cannot find any dedicated API endpoint to add or manage IPs in the EDL ...

Quarantined Files not appearing in Action Center

Hi there, We are having issues with files being quarantined on BIOCs but they are not appearing in the Action Center-->File Quarantine. We have verified both Broker VM and local machines experiencing this issue are not anywhere near storage quota. We can see the quarantine appearing in the trapsd.log file and we can see the packets making...

M.Crow by L1 Bithead
  • 191 Views
  • 1 replies
  • 0 Likes

Can I filter on hostnames in an array?

I'm running the following script; it should display the critical vulnerabilities on MacOS systems.

//List critical vulnerabilities on all MacOS endpoints
config case_sensitive = false
| dataset = va_cves
| filter os_type = ENUM.MACOS and severity = ENUM.CRITICAL
| fields severity,name,description,affected_products,type,severity_score,os_type,affecte...

Resolved! After more than 2 years Linux vulnerability reporting is still useless.

It is about 2 years ago that the Linux vulnerability reporting issues were announced to Palo Alto. It's still not fixed. 😞 It looks like Cortex does not look beyond the dash in the version numbers of installed applications. For example, Cortex is reporting a vulnerable zlib 1.2.11. The one actually installed was: zlib.x86_64 1.2.11-40.el9, which ...

Resolved! Cortex XDR Pro – Does it scan USB devices upon insertion?

Hi team, I would like to confirm the behavior of Cortex XDR Pro regarding USB devices: Does Cortex XDR perform any automatic malware scan when a USB device is connected to an endpoint? If not, what protections are applied at connection time (e.g., device control, behavioral detection, execution monitoring)? Is scanning of removable media only p...

Resolved! Updating Cortex Agent by MDM

Hello team, I need guidance on automating Cortex XDR agent upgrades across multiple endpoints using an MDM. Upgrading directly from the console is consuming significant bandwidth. We are evaluating options like P2P distribution, brokers, or staging updates, but face some challenges: Some endpoints are not associated with a broker. Upgrades may ...

Resolved! Is it possible to block an IP in Cortex XDR Pro

Hello Community, I am working with Cortex XDR Pro and investigating the "Endpoint Blocked IP Addresses" section within the Action Center. I have a few specific questions regarding how entries are populated in this table and the best practices for targeted blocking: Orchestration: How exactly are IPs added to this list? Does it only reflect aut...


MacOS uninstall password reset

Greetings! I have a problem with the Cortex XDR uninstall password on MacOS. The agent got corrupted while upgrading and from then on it is not upgrading to a new version; that's why I was trying to uninstall the Cortex agent and then reinstall a new one. sudo "/Library/Application Support/PaloAltoNetworks/Traps/bin/cortexxdruninstaller_tool" I used this...

XQL - Hostfirewall events

Hi everyone, What is the best and most efficient way to review network traffic and correlate or compare it with Host Firewall events using XQL? I am looking for the optimal approach to query and analyze this data together without impacting performance. If anyone has a sample XQL query or advice on how you handle this in your SOC, I would really ...

Resolved! Broker VM cli Admin password

Greetings everyone, How can we get the admin password of the Broker VM? I have connected via SSH to the Broker VM's CLI; now I need to do some actions which require the admin's password.
