Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Named pipe hunting -Cortex XDR Pro

Hello dear community!

Is there a way to hunt for named pipe communication?

Rob

https://svch0st.medium.com/guide-to-named-pipes-and-hunting-for-cobalt-strike-pipes-dc46b2c5f575

How to query for Vulnerability Assessment Data

I would like to query XDR externally for the data stored in the Host Insights > Vulnerability Assessment page.

I looked through all of the available APIs, but none of them seem to have data related to CVEs. I would not be opposed to writing a custom

...

Resolved! Application Whitelisting (like Applocker, WDAC/MDAC, Airlock Digital) with Cortex XDR Pro?

Hello dear communinty,

we would like to know, if there will be a functionality in the future like applocker or MDAC for whitelisting applications/scripts/etc.. If they are not in out WL, they cannot be executed and we get a information/alert.

...

Resolved! Filter incidents on action in Cortex XDR

Hello,

I would like to filter incidents on what kind of actions have been taken. Is this available or should I make a feature request somehow?

Ie. filter on all incidents containing alerts that have prevented as action. Or Filter out any where the

...

Resolved! Cortex XQL incident query

Hello PAN community !!

I'm new in this platform and I am a little lost here. I'm trying to create a query to list all endpoints of a specific endpoint group with all its incidents (malware,etc).

To get the endpointgroup and its endpoints I'm using

datas

...

Cortex XDR: False Positive detection of VulnDetect scripts

Hi,

A number of our customers has complained about our signed PowerShell scripts being flagged and, in some cases, blocked by Cortex XDR.

The scripts in question can be found here:

https://stream.vulndetect.com/e/task.ps1

https://stream.vulndetec

...

Resolved! Linux support for XDR

Hi,

Which Linux distributions does Cortex support?

Host Firewall

Hello Team,

We intend to enable the Host Firewall feature in the Cortex XDR. Please give us a brief overview of how this feature works.

Not able to set Proxy for Windows 2012 servers

Hello ,

We are unable to see few servers in our endpoint list. But the user confirmed it has cortex installed in it and is enabled also particularly For Windows 2012 servers we're not able to set the proxy and for some hosts last seen connected dat

...

Agents Intermittently Disappearing in Cortex XDR Then Shows Up

Hi,

Some Agents in Cortex DXR disappears then shows up after few days - no pattern at all

If my understanding is correct, if the Agents are disconnected or there's a connection lost, the Endpoint Status column will dictate it.

But the Agents in q

...

Cortex XDR PoC: Monitoring Malicious Chrome Extensions

PoC Lab: Monitoring Malicious Chrome Extensions

By: @mfakhouri

Executive Summary

With the convenience Chrome extensions provide, such as ad blocking, enhanced web viewing, and improving user experiences, it is no surprise that malicious act

...

Operational status unprotected with error message running without valid content

Related to Cortex XDR

we are observing operational status as unprotected for some endpoints and the error says running without valid content.
But at the same time we also observed some of the agents running on the the latest agent version also having

...

Resolved! A question from the Endpoint Administration Part 2 webinar: Alert ID

We often notice alert_id out of the numerical order, chronologically, sometimes way off. It appears like XDR is detecting something later and assigning an older timestamp but a new alert_id to detection. Can someone provide some detail/explanation on

...

Resolved! Exclusion criteria import

Hi all.

Does anyone know of a way - or a work around for the following situation.

I have a long list (about 700) IPs that I want to create an alert exclusion from. These are external scanners that our firewall blocks and we get a large amount of

...

Pop-up Blocked Alert Not Displaying Blocked File

Hello,

A client received a pop-up blocked alert because a suspicious executable was found on their machine. When the client went to view more details, the executable that was blocked was never displayed in the details information. Why is that? By t

...

User

Count

User

Likes Count

2 Likes

1 Likes

Cortex XDR Discussions

Discussions