This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

DTRH: Scripting Anything and Reaping Data

 

 

DTRH: Scripting Anything and Reaping Data

 

Overview

Customers are always asking for additional capabilities in the product and often times these feature request may come during a POC where having that capability can be the deciding factor in wi

...

JEbrahimi_0-1622052573092.png
JEbrahimi_1-1622052573097.png
JEbrahimi_2-1622052573099.png
JEbrahimi_3-1622052573100.png

Resolved! Alert from which source/rule?

Hello!

 

We have some alerts which show us a large upload. 

 

 

My problem is now, I saw other clients uploading a ton of bytes, but this Alert wasn't fired. 

I also cannot find any Rule for this. 

Where is it comming from? 

 

BR

 

Rob

 

 

RFeyertag_0-1659634616953.png
RFeyertag by L4 Transporter
  • 2543 Views
  • 3 replies
  • 0 Likes

Resolved! XQL query with multiple values

Hello Community,

 

I'm been using the platform for a couple months and recently I'm getting interested in XQL query.

My question is how to I simplify the search string if i have multiple values that I need to insert?
With the example below, i'm lookin

...

XDR_DATA logs ingestion to splunk

I am thinking of a way to bring in xdr_data dataset logs which we see in xdr query builder to splunk.

As of now i am ingesting the alert and incident data from cortex xdr into splunk.

Can anyone suggest, how i can achieve this?

 

Cortex XDR Query Builder

Hello Community,

Was wondering whether someone could assit me with an issue.

So at the moment i cannot make any search via the "Query Builder".

When i move to query center and create a custom query i can only return results when i search "dataset = pan_

...

willh1_0-1659109209207.png
willh1 by L0 Member
  • 1759 Views
  • 1 replies
  • 0 Likes

Resolved! Event_Sub_Type Failed to run

When running this XQL query if I add event_sub_type to the filter it fails to run

I can run the query without any filters, and then add the event_sub_type column without issues

 

dataset = xdr_data
| filter event_type = ENUM.FILE and (event_sub_type =

...

NathanBradley_0-1659458727567.png

Upgrade agents locally

Hello,

 

Is there any option available to upgrade agent from local agent console? (Eg: If local IT team can upgrade agent from endpoint directly)

 

Thanks

 

NivedaR by L2 Linker
  • 2518 Views
  • 5 replies
  • 0 Likes

Resolved! Can't register Broker VM

I downloaded and setup the Broker VM Virtual machine in Hyper V on a server 2016 computer, I log into the IP address, go through the setup steps, test my connection to the time server, then click register and paste the token from the page I got the V

...

brokerVMerror.jpg

Resolved! XQL "call" functions from scripts library

Hi Peeps,

 

So XQL has this call function to fetch results from a saved query in the query library. Lets take this for example:

 

call "All appdata executions for the past 30 days"

 

Now, the problem is that my saved query is waiting for a parameter

...

Endpoints not being reflected on the XDR console

Hello ,

 

We are facing an issue where an endpoint will be reflected on XDR console but after some time the same endpoint will not be seen on the console . Somehow it will come again after a while or a day or two. Does anyone know why this might be h

...

NivedaR by L2 Linker
  • 1678 Views
  • 3 replies
  • 0 Likes

Resolved! Xdr ramsonware test is not detected

Hi. We recently we have acquired a solution to test our systems.
In one of the tests, we have detected that Cortex does not detect attacks, such as using util control with .net injection.
The test machine has created a malware profile with everything l

...

Resolved! Exporting alert related data

Hi All,

 

Is there a way to export all the alert data which appears below Causality chain like network connections, registry changes, etc ?

 

I don't see any download or export icon on the right-hand side of the pane. 

 

Do we have any other way to e

...

MithunKT by L2 Linker
  • 3744 Views
  • 4 replies
  • 0 Likes
  • 2077 Posts
  • 82 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks