Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Cortex Scanning

Hi, I'm looking at doing a review on our Cortex policies and we currently have weekly scanning enabled. I know scanning for Cortex is not a traditional antivirus scan, but more for creating a benchmark for your endpoints.

After it does a scan, alerts

...

Cortex XDR 3.5 - Whitelist UI

Hello,

How Legacy Exceptions are different from Policy/profiles in Policy management.

Cortex XDR installed on personal computer which was used for work more than 5 years ago

Hi,

Hi have this personal computer which I used for work several years ago (5). I started working for another company and stopped using this computer for work stuff.

Recently, about a year ago, I started using it again for all kind of things (str

...

Resolved! timestamps for suppression rule (BIOC)

Hello everyone,

I need your help because I want to create a BIOC deletion rule, I have the hash, the username and the path but I would like this deletion to be effective during a specific time slot, can it be configured?

Cortex XDR: Block the Exit button with admin rights

Hello,

We have noticed that the user can simply exit the XDR on the system tray. Is there any way to block the exit button with admin rights or any way possible to avoid stopping the app?

Please note you are posting a public message where commun...

Resolved! Block Exe Files in User Download Folder

Hello,

i know that i can block specific files in cortex but i am looking for a solution how i can block only .exe files in Users download folder.

In the Malware Profiles i can see that there is only a allow list where i can write single filenames t

...

Traps anti-tampering supervisor password needed

In a document provided by my company some time ago, we were asked to install Traps on our personal computer, however, I found that it blocks certain programs(video game) when I'm not working. It seems it's not possible to uninstall this and a supervi

...

Resolved! Network Configuration Module

Hello,

What exactly is the use of the feature called active assets and active managed assets in the IP ranges section under the Network configuration module.

Applications hanging on terminal server since Cortex XDR Pro rollout

Hello dear community,

what is your expirience with slow applications when printing, saving documents (not responding) on a terminal server?

Yes, there are over 30 users on it and it was a bit slow before cortex xdr pro rollout. But now it is terri

...

Resolved! XDR Scan

Hello,

1. If we create a policy related to scanning of endpoints and apply that policy in all the machine and run it on all the machine at the same time. Is it this method possible? Will it create any issue?

2. Pop up messages to users for malicious

...

Logs not visible - XQL Query

Hello,

Currently we are trying to create a query that gives us the result if the user has executed Sudo command and then right after executed the cd command. Is it possible to write a query that searches for commands executed one after the other?

...

Login details in Cortex XDR

Hello,

We are trying to create a quarantine policy for machines that are not connecting to the console, so we are checking if NAC solution can fetch these details and based on that policy can be created. And also, where (file path or file name) can w

...

Resolved! Which one is better between cortex XDR host firewall and windows firewall ?

Hi All,

Is it a good idea to enable the XDR host firewall to manage all endpoint communication? or is it better to keep the default windows firewall enabled without using the XDR firewall?

I would be happier if someone suggests any article/docume

...

rare iptable delete command

We received couple of alerts on rare iptable delete command.On checking the host activity, we could able to observe all commands including newly entered command in the host machine but not able to see the iptable delete/flush command in the activity

...

Resolved! Cortex XDR Broker VM handling

Hello dear live community!

We are now at the step where we connect some Servers to Cortex XDR which should not connect directly to the Internet.

In the first mind we talked about the Tier 0 server. Today I was asked why we cannot bring all the se

...

User

Count

User

Likes Count

2 Likes

1 Likes

Cortex XDR Discussions

Discussions