XDR Auto upgrade Scope

XDR allows you to auto upgrade agent to any of the below:
 
Latest agent release
Only maintenance release
Only maintenance release in a specific version
Upgrade to a specific version

I want to check what exactly does "Latest agent release" means ?

Accor

Alerting Endpoint misses an endpoint group allocation

Hello dear community!

as you know, there are sometimes changes (computer names, domains, etc.) on the endpoints. 

And know there is also a cortex version from PA, which has the problem too "kicking" out the endpoint from the endpoint group (not rea

Excel not working with cortex

Hello,

We are facing issue while working with excel files when cortex is enabled, when we disable the protection excel start working properly, but when we again enable it, excel takes long time to open or close the file.

Kindly suggest.

Than

Periodic Scan on endpoints

Hello,

We intend to initiate malware scans on all endpoints. Which is the best approach to perform a periodic scan, is that on a weekly or monthly basis?

Exclude single .exe on single endpoint

Pretty simple need here....

Installing the latest version of WSUS Automated Maintenance from AJ Tek on our WSUS server and Cortex is blocking it with the description "Suspicious executable detected". How do I allow this to install? Is the best way

Cortex XDR: False Positive detection of LimaCharlie sensor (EDR agent)

A number of our customers are complaining about our domains being flagged and, in some cases, blocked by Cortex XDR.

The domains in question are:

limacharlie.io
9157798c50af372c.lc.limacharlie.io
70182cf634c346bd.lc.limacharlie.io
4d897015b0815621.l

Analytic BIOC Rules, right click open in query builder, informational severity not available

We have a support ticket open for "informational" analytic BIOC rules that are not alerting.

These do not show up in the incidents or alert table, but the number of alerts in that column has more than 0

Support has indicated there is not a way to view

Palo Alto Cortex XDR exclusions/exceptions use case example article for solving VPN agent interoperability issues

Hello to All,

I have made an interesting article about Cortex XDR use case for using isolation exclusions/exceptions when having VPN agent that blocks network traffic based on DNS FQDN Domains:

https://live.paloaltonetworks.com/t5/general-artic

Test File Post_Detection

Hello everyone, 

I am searching for a test file, which gets Post_Detected by XDR. 
I can´t find an official test file from Palo, maybe somebody in here has one. 
I will run this on a lab so no worries. 

Kind regards,

Marinus

ssh logins on linux servers

Hello,

How do we identify ssh logins on linux servers?

Regex Help Event ID 4720

Im attempting to get out the email address listed as User Principal Name in a 4720 event ID

Any help or explanation would be appeeciated

dataset = xdr_data
| filter action_evtlog_event_id = 4720
| alter User_Name = arrayindex(regextract(action_evtlo

Cortex XDR Pro - Tag capability in Asset Management

Hello dear PA community! 

It would be helpful, when there would be a possibility to tag an IP in Asset Management. We would like to enter the real Asset behind it. 

They have fixed IPs and we would like to have a chance to work with it. 

BR

Rob

Deploy Broker VM

Hello,

Is there any document regarding the steps to Deploy Cortex XDR Broker VM through VMWARE ESXI.