Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4433 Views
  • 0 replies
  • 3 Likes

Resolved! Palo Alto BIOC rule content error [specific rule]

Hello, There is an issue with one of the BIOC rules provided by Palo Alto. Specifically in the rule with Global ID "94fed992-c1da-4b69-9caa-292221b8c070". The wildcards for the command line arguments that this rule intents to detect, are off. To be precise all leading wildcards in this detection have a space afterwards, thus rendering the rule u...

ithermos by L1 Bithead
  • 2642 Views
  • 2 replies
  • 0 Likes

Resolved! XDR API File Retrieval

Hello, I'm trying to connect an integration with our Cortex XDR for retrieving a file and its details. The only endpoint I see in the API docs that reference this action is the File Retrieval Details which uses the group_action_id from a different API request "Retrieve File" However, I am unable to find the docs on the Retrieve File endpoint...

Kevhardy by L0 Member
  • 3228 Views
  • 2 replies
  • 0 Likes

Resolved! Powershell Script and XDR

There is a PowerShell script that we would like to use within XDR. I understand that XDR currently is not able to run PowerShell scripts, the problem is I am not a coder. I have been trying to learn how to convert our script to Python but I am just about to give up. In my research, I found some posts from users on various websites explaining t...

Performance Issues update from 7.9.0.20664 to 7.9.1.26645

Hello dear Community! We habe seen, the updgrade on 7.9.1.26645 or a following policy update changed something on our server with DB and Application. Our application (DB on the same machine) is much slower, than before 07.03. Every step takes now much longer than before. Does anyone else have issues like this? BR Rob

RFeyertag by L4 Transporter
  • 2415 Views
  • 2 replies
  • 0 Likes

Licence Cortex XDR Pro

Hello dear community, I know now, if you have less licences than installed agents, somehow they are degraded to Prevent. Can we see somewhere which one is degraded to Prevent version? How is degrading happen and where can I see it? BR Rob

RFeyertag by L4 Transporter
  • 1448 Views
  • 1 replies
  • 0 Likes

XQL Query: Finding Location of Public IP based on iploc command.

We are trying to find out ASN number, Organization Name, Location, City, Country for public IPs. Below is our query just in case: Note: The query which we ran is applied on interface which are receiving public facing IPs. We filtered that part of the query. config case_sensitive = false | dataset = panw_ngfw_threat_raw | fields rule_matched...

KanwarSingh01_0-1678149273362.png

Which agent version to be installed on Operating system Windows Server 2008 Version 6.0(Build 6003:Service Pack2)

We are unable to see exact agent version details for the Operating system Windows Server 2008 Version 6.0(Build 6003:Service Pack2) in the compatibility matrix sheet by Palo alto only about Windows Server 2008 Version 6.0(Build 6003:Service Pack1) is mentioned there. Kindly help us with which exact cortex agent version needs to be installed on t...

USB PRINTER

Hi I have a issue, In cortex XDR i have usb block policy in that if i remove the ip address then only usb printer is working. I want to block the USB in that pc and same time i want to use USB Printer also. pls give me solution

  • 2624 Posts
  • 98 Subscriptions
Top Solution Authors
Top Liked Authors