Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

XQL Query DNS resolutions

I'm attempting to pull out the name, type, and value from the dns_resolutions data

The below query results in "FAILED TO RUN QUERY" with no data, removing the alters does return data however no fields available return "value" in the dns_resolutions

...

Resolved! status service/agent in Linux servers (Redhat)

Hi everyone,

I have a doubt

how can I check the status of the cortex xdr service / agent in linux?

Thanks in advance.

greetings.

PoC - Using Cortex XDR to Block Software Installations

MTTR - MTTA

Hello, is there a way to compute the Mean Time to Acknowledge (MTTA) and Mean Time to Respond (MTTR) statistics of all the cases ?

thank you in advance

Resolved! We need to update Cortex on multipel MacOS client, script ?

Does anyone have a script how to update Cortex on a MacOS with Bash ?

Cortex XDR

Can I disable the Cortex XDR on anyone of the endpoint(workstation or server) for temporary purpose from the XDR Console.

Multiple Queries regarding cortex XDR

Hello,

Is it possible to know the following :

1. Whether BIOC rules generate alerts/incidents in case there is a match for Custom prevention rules.

2. Any method to bulk hash blocking using Action center.

3. If we are hosting

...

Ways to identify cluster and namespace details for k8's

Is there a way we can identify cluster and namespace details for k8's and not just nodes and containers

Cortex XDR for OCI

Hi ,

Trying to find out if cortex xdr supports OCI.

Community Expert Verified

Resolved! Is it possible to block IOC from Cortex XDR?

I'm trying to block domain across in our environment. I don't want to use url filtering on PA FW, but I want to use XDR IOC to block it. is possible to do it?

Alerts with weekend trigger

Hello dear community,

As you know, weekends and on holidays the priority of alerts rises.

Is there a way to trigger in XQL Rules which are only fired on weekends and on self selected holidays?

Like on weekend anybody who opens powershell trigg

...

Active Scanning on Endpoints

We intend to perform scheduled scanning on all endpoints. So we wondered if active scanning was required on all endpoints repeatedly, or if cortex developed its own scan whenever a new file was created or added to the system.

Resolved! Cortex XDR Windows 11 ARM Support?

Are there any talks about Cortex XDR support for Windows 11 ARM?

Query to get the number of the operating system.

Hello,

I have used the below query to get the number of the operating system.

dataset = endpoints
| filter endpoint_status = CONNECTED
| alter operating_system = to_json_string(operating_system)
| alter operating_system1 = regextract(operating_system ,

...

Cortex XDR Agent license

If we keep Agent Status Configure the Cortex XDR Agent license revocation and deletion period connection lost as 30 days and Agent Deletion days as180 days will the entry be deleted from the console will it delete logs also for the deleted entries be

...