Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Resolved! LSASS creating a cache1.bin on appdata

We have an alert on 2 different device that LSASS is creating a cache1.bin on app data.

All are created by NT\SYSTEM

 

Location detected

C:\Users<my username>\AppData\Local\Microsoft\Windows\SFAP\cache1.bin

C:\Windows\ServiceProfiles\UIFlowService\Ap

...

Winget Command

Hello dear Community,

 

I have the following problem: I can’t use the Win-Get command on the XDR terminal in Cortex. Can someone help me to make this command executable on the PowerShell XDR terminal.

 

 

FRafuna_0-1723637086115.png
F.Rafuna by L0 Member
  • 815 Views
  • 3 replies
  • 1 Likes

Cloud Identity Engine

Hi Community,

 

We have integrated the Cloud Identity Engine into the environment. Currently, the Palo Alto Hub page shows the Cloud Identity certificate expiring in a month.

 

We checked the Palo Alto article https://docs.paloaltonetworks.com/cloud-

...

Resolved! json_extract_array do not return result

I've got json like below and trying to extract each key_name via json_extract_array but getting empty column vendor

query is

dataset = host_inventory

| fields application as aps

| alter vendor = json_extract_array(to_json_string(aps),"$.key_name")

 

...

XDR Agent 8.5.0.2457 on macos 14.5

Hi community,

 

After my laptop upgrade to the last version of xdr agent i get the following:

 

Randomly the system looks as if it's loading and after a few seconds it's back to normal. the machine doesn't crash but the mouse keeps showing the hourgl

...

LEYA-DSI by L1 Bithead
  • 737 Views
  • 4 replies
  • 0 Likes

Resolved! Cortex XDR Cloud Compliance

Hi Community,

 

We have enabled the Cortex XDR agent Cloud Compliance on certain Linux machines. The configuration was successfully completed, and the Cloud Compliance tab is visible. We are interested in retrieving the Cloud Compliance data using an

...

Alert "Script Activity - 245655498"

Hello everyone,

 

I just received this alert "Script Activity - 245655498" with this description "Suspicious script with keywords written in a non-standard way." in Cortex multiple times related to PowerShell script execution on a developer machine.

...

Tons of receptivity.io

I recently see a lot of my end machine shitting this domain: receptivity.io

 

Started (I dunno even know, a week ago?) My logs can no longer go far enough back to figure it out.

 

Cause I dunno, MS edge new tab? To hopefully remove the log entries I

...

Zewwy by L3 Networker
  • 2000 Views
  • 7 replies
  • 0 Likes
  • 2027 Posts
  • 81 Subscriptions
Top Solution Authors
Top Liked Authors