Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4384 Views
  • 0 replies
  • 3 Likes

Reports no longer shows the source of an incident

Hello, One of our customers pointed out that since the 5.0 update of the Cortex console, the report output has changed. Before the update, the reports always displayed the source of the incident (as highlighted in the “Before.png” file). Since the 5.0 update, as you can see in the “Now.png” file, the source of the incident is not always displayed...

C.PAPET by L0 Member
  • 236 Views
  • 1 reply
  • 0 Likes

Suspicious executable detected Microsoft Store Purchase App

Hello everyone, Has anyone seen this process appear in Cortex XDR? C:\Program Files\WindowsApps\Microsoft.StorePurchaseApp_22603.1401.4.0_x64__8wekyb3d8bbwe\StoreExperienceHost.exe It’s showing up on an endpoint, but Cortex XDR isn’t providing any additional details, alerts, or related events. Before I dismiss it, I want to confirm whether thi...

XDR Not Recognising Hotpatches

We've started deploying Windows Enterprise Hotpatches to speed up the adoption of patches and reduce the number of reboots required. However, XDR doesn't recognise the Hotpatches and is telling us that the endpoints are still vulnerable. This is a known "limitation" according to support. What are others doing in this space please?

Resolved! Local Analysis Malware - Signed exe

Hello, we have following case: The "Local Analysis Malware" module blocks a self-developed, unsigned tool. However, after signing the tool with our own certificate, it is no longer blocked—even though we have not added or configured this certificate in any of the policies. How can this behavior be explained? Does Cortex integrate with or ref...

M.Wempen by L0 Member
  • 329 Views
  • 2 replies
  • 0 Likes

analytics bioc tune

Hi, I'm trying to suppress false positives from native XDR Analytics BIOC detections (e.g. "Rare RDP session to a remote host") for specific machines in XSIAM 3.5. The documentation mentions Issue Exclusions under Exception Configuration, but I only see: IOC/BIOC Suppression Rules Disable Injection and Prevention Disable Prevention Rules Where...

On-write file examination / cross-platform examination for Linux

Dear LIVEcommunity Has anyone been able to test out the new Linux / MacOS cross-platform examination module? I created a new Linux Malware Profile and set the "On-write File Examination" for "Portable executable files (Windows)" to Enabled, applied it to a policy for my Linux endpoint, waited for the policy to apply and then copied a WildFire ...

andreal by L1 Bithead
  • 230 Views
  • 2 replies
  • 0 Likes

Getting Cortex Copilot

Hello Team, I have been researching the Cortex Copilot functionality and would like to clarify a few points regarding availability, licensing, and compatibility. Currently, we have a Cortex XDR Pro license, and I would like to understand: How can we obtain or enable the Cortex Copilot functionality? Is there any additional license, subscription...

Resolved! bioc not prevent

Hi everyone, I've created this BIOC: dataset = xdr_data | filter event_type = ENUM.LOAD_IMAGE | filter ACTOR_PROCESS_COMMAND_LINE contains "netsh" and ACTOR_PROCESS_COMMAND_LINE contains "advfirewall" and ACTOR_PROCESS_COMMAND_LINE contains "set" and ACTOR_PROCESS_COMMAND_LINE contains "currentprofile" and ACTOR_PROCESS_COMMAND_LINE contains...

tlmarques by L4 Transporter
  • 393 Views
  • 1 reply
  • 0 Likes

How to add exception for known macros detection by cortex XDR

We are facing alerts for some Excel macro-enabled files that are getting blocked in local analysis, even though they are known and signed. After a certain time the file verdict changed to benign, but it is still triggered in local analysis and the user is unable to execute it. Please help us with how to unblock this without adding a specific path under exception. Thanks

Cannot add BIOC rule to restriction profiles

Hello, I'm receiving malware incidents with files signed by the same signer entity. However, Cortex XDR often only detects these files without blocking them. I want to prevent this behavior by creating a BIOC rule that detects processes with that specific signer and converting it into a prevention rule. However, when I try to add the BIOC rule...

S.Alves by L0 Member
  • 305 Views
  • 1 reply
  • 1 Like

Cortex XDR MITRE ATT&CK v16 -- We're Now on v19. Can We Talk About This?

Hey LIVEcommunity, I have been sitting on this for a while and finally decided to write it up because I am pretty sure I am not the only one running into this. If you are a detection engineer or SOC analyst building BIOCs in Cortex XDR and leaning on MITRE ATT&CK to organize your detection coverage, this one is for you. So Here Is What Ha...

D.Ogle by L0 Member
  • 499 Views
  • 0 replies
  • 3 Likes