Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Automatic status assigning of Incidents

Hello,

 

The Resolved- False Positive incidents are automatically getting assigned to Under Investigation even though there are no updates or alerts regarding the incident. 

The above keeps on repeating every day. Any idea why this is happening and

...

Aiman_Fathima_0-1659698513781.png

DTRH: Scripting Anything and Reaping Data

 

 

DTRH: Scripting Anything and Reaping Data

 

Overview

Customers are always asking for additional capabilities in the product and often times these feature request may come during a POC where having that capability can be the deciding factor in wi

...

JEbrahimi_0-1622052573092.png
JEbrahimi_1-1622052573097.png
JEbrahimi_2-1622052573099.png
JEbrahimi_3-1622052573100.png

Resolved! Alert from which source/rule?

Hello!

 

We have some alerts which show us a large upload. 

 

 

My problem is now, I saw other clients uploading a ton of bytes, but this Alert wasn't fired. 

I also cannot find any Rule for this. 

Where is it comming from? 

 

BR

 

Rob

 

 

RFeyertag_0-1659634616953.png
RFeyertag by L4 Transporter
  • 2535 Views
  • 3 replies
  • 0 Likes

Resolved! XQL query with multiple values

Hello Community,

 

I'm been using the platform for a couple months and recently I'm getting interested in XQL query.

My question is how to I simplify the search string if i have multiple values that I need to insert?
With the example below, i'm lookin

...

XDR_DATA logs ingestion to splunk

I am thinking of a way to bring in xdr_data dataset logs which we see in xdr query builder to splunk.

As of now i am ingesting the alert and incident data from cortex xdr into splunk.

Can anyone suggest, how i can achieve this?

 

Cortex XDR Query Builder

Hello Community,

Was wondering whether someone could assit me with an issue.

So at the moment i cannot make any search via the "Query Builder".

When i move to query center and create a custom query i can only return results when i search "dataset = pan_

...

willh1_0-1659109209207.png
willh1 by L0 Member
  • 1745 Views
  • 1 replies
  • 0 Likes

Resolved! Event_Sub_Type Failed to run

When running this XQL query if I add event_sub_type to the filter it fails to run

I can run the query without any filters, and then add the event_sub_type column without issues

 

dataset = xdr_data
| filter event_type = ENUM.FILE and (event_sub_type =

...

NathanBradley_0-1659458727567.png

Upgrade agents locally

Hello,

 

Is there any option available to upgrade agent from local agent console? (Eg: If local IT team can upgrade agent from endpoint directly)

 

Thanks

 

NivedaR by L2 Linker
  • 2505 Views
  • 5 replies
  • 0 Likes

Resolved! Can't register Broker VM

I downloaded and setup the Broker VM Virtual machine in Hyper V on a server 2016 computer, I log into the IP address, go through the setup steps, test my connection to the time server, then click register and paste the token from the page I got the V

...

brokerVMerror.jpg

Resolved! XQL "call" functions from scripts library

Hi Peeps,

 

So XQL has this call function to fetch results from a saved query in the query library. Lets take this for example:

 

call "All appdata executions for the past 30 days"

 

Now, the problem is that my saved query is waiting for a parameter

...

Endpoints not being reflected on the XDR console

Hello ,

 

We are facing an issue where an endpoint will be reflected on XDR console but after some time the same endpoint will not be seen on the console . Somehow it will come again after a while or a day or two. Does anyone know why this might be h

...

NivedaR by L2 Linker
  • 1670 Views
  • 3 replies
  • 0 Likes

Resolved! Xdr ramsonware test is not detected

Hi. We recently we have acquired a solution to test our systems.
In one of the tests, we have detected that Cortex does not detect attacks, such as using util control with .net injection.
The test machine has created a malware profile with everything l

...

  • 2063 Posts
  • 81 Subscriptions
Top Solution Authors
Top Liked Authors