Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 755 Views
  • 0 replies
  • 2 Likes

File retrieval in user context

Hello,

Is it possible to retrieve a file which is only accessible in user's context? I have an incident which user opened a file from a network mapped drive. That drive might not be accessible by anyone except for the user.

 

Which user context is us

...

Resolved! XQL - Time alteration

Hello,

Here is the scenario:

I have a table lookup looking for a specific event.

dataset = xdr_data

| filter event_type = SOME EVENT   

| alter TimeOfIntereset = _time

Now I want to join this again with the dataset table to enrich it and perform furthe

...

XDR Collector DNS

Does anyone know if there is a native DNS collector, similar to the DHCP Collector Agent, for Cortex XDR ? My goal is to enrich XDR with more DNS-related information.

tlmarques by L4 Transporter
  • 384 Views
  • 2 replies
  • 0 Likes

Mac Cortex XDR Upgrade causing Device Freezing

Hello,

 

My organisation is currently running Cortex XDR 8.6.0 on Sequoia. We're finding that when performing upgrades of the application via the Console or by Jamf that the who device will freeze for 15+ seconds.

 

We're in an environment where we'r

...

Resolved! XQL query for incident report

I like to get a hint how i can build simple xql query for  overtime timeframe for incidents. I need to filter that data, but that kind report that i can show example monthly base report for customer. where there are data for each day

T.Nurmi by L1 Bithead
  • 1692 Views
  • 8 replies
  • 0 Likes

Zulu Time and Convert

so my goals is to convert a jsonextract of a few time stamps:
I want to combine them and make a total hours. so start time and expiration time = how many hours total. I cant seem to get the time formatting from a string or I am doing something wrong

...

Creating a stacked bar chart using XQL

 

I am creating a stacked bar chart that shows the number of alerts per data source per day.
Is it possible to display the data source in the displayed graph?

The stacked bar I created shows the time.
※Whatever I select for the X-axis will be displayed

...

XQL query for vulnerability

Hi. i need to do monthly report for vulnerabilities. So how to create like a trend report for 30 days

here is just example for get count, but how to do  trend report?

dataset = va_cves 
| filter severity >Medium
| filter affected_hosts_count >1
| fields

...

T.Nurmi by L1 Bithead
  • 288 Views
  • 2 replies
  • 0 Likes

Resolved! Initiate Script on Endpoint via API call

Hi Everyone,

 

I've been running Powershell scripts on my endpoints from Action Center > Run Endpoint Script > Execute Commands in the XDR interface. It works well, however I need to specify a manual query to target the endpoints I want each time i.e

...

Cortex Screen Shot.jpg
  • 2284 Posts
  • 86 Subscriptions
Top Solution Authors
Top Liked Authors