Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 1044 Views
  • 0 replies
  • 2 Likes

Resolved! CIE having issues?

Hi team

 

Just now I noticed a banner saying CIE not sync'ed for 72 hours (screenshot attached).

 

It happened to all our managed clients at about the same time so I'd like to ask here first if this is currently a known issue?

 

Thanks!

tmeksik by L2 Linker
  • 371 Views
  • 4 replies
  • 0 Likes

Cortex scan report

Hello all,

 

I am a new user of Cortex XDR and I noticed that upon scanning a host, the malicious files identified by the scan are so difficult to find. I was expecting a proper scan report, where I can actually see the name and path of the identifie

...

XQL Query Assets XSOAR

Hi everyone,
I need your help.
I'm trying to create a CMDB using a playbook in Cortex XSOAR  , pulling data from the Cortex XDR tab Asset Inventory (XDR-managed devices as well as others collected via mappers and IoT firewalls).

My idea is collect all a

...

tlmarques by L4 Transporter
  • 246 Views
  • 3 replies
  • 0 Likes

Adding exception for weekend

Hey guys, I’m looking to exclude some detections that occurred over the weekends and could use a hand with crafting that query.

My current thought process is to add exceptions for weekend dates, but that would be a continuous task and doesn't seem ve
...

S.Javeri by L0 Member
  • 108 Views
  • 1 replies
  • 0 Likes

Resolved! Get Data Per Week within a Month

Hello, I would like to ask how to retrieve dat per-week within a month. My current query is like:

 

config timeframe = 30d
| dataset = incidents
| bin creation_time span = 7d

.....

but i don't think its working  properly, could you please help me to f

...

G.Anshar by L0 Member
  • 145 Views
  • 1 replies
  • 0 Likes

Detect user who moved a folder using XDR and XQL

Hi everyone,

I need help identifying which user moved a specific folder from a network share to another location. The only information I currently have is:

  • The old folder path (e.g., \\server\share\oldfolder)
  • The new folder path (e.g., \\server\users\
...

tlmarques by L4 Transporter
  • 179 Views
  • 1 replies
  • 0 Likes

Full disk access requirement on macos agent

Hi team

 

A couple of questions here:

 

1) Is full disk access required for agents running on macOS Sonoma and Sequoia?

 

2) What is the meaning of "Requires full disk access: False" in the "cytool status" output? (screenshot attached)
The endpoint we

...

tmeksik by L2 Linker
  • 238 Views
  • 2 replies
  • 0 Likes

HELP With XQL Query to fetch All Assets

Hello Everyone, 
I want to fetch all assets from asset inventory using XQL query but I am unable to find a suitable dataset for it. Can someone please help with XQL Query to fetch all the assets. 

 

Thank you 

 

Cortex XDR 

Resolved! Exclusion process cortex?!

Hi,

How can I create an exclusion in Cortex XDR to stop it from scanning a specific executable??

We have a critical software in our company, and we've noticed that Cortex is constantly analyzing it, causing the machine high CPU and MEM.

How can we excl

...

tlmarques by L4 Transporter
  • 2192 Views
  • 4 replies
  • 0 Likes

Resolved! Cortex XDR file quarantine

Hi Team,

 

i have two general questions,

 

1-can i delete a file from multiple endpoints but with different paths from the action centre?

 

2- i understand that cortex can quarantine a malicious file but is there an option to delete it without my int

...

oasha by L0 Member
  • 300 Views
  • 1 replies
  • 0 Likes
  • 2345 Posts
  • 87 Subscriptions
Top Solution Authors
Top Liked Authors