Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Resolved! XQL Query: Event Sub Type causing issues in Query

We have written a query to get certain file types being downloaded from a browser process and get its parent process details etc. When we try to add the field event_sub_type we start receiving an error. If we exclude the field from the query we get proper results. If you run the below queries you will be able to produce the error. Please try t...

Resolved! Firewall logs to Cortex Data Lake log buffering

Hello, For firewalls managed with Panorama there's a setting in Panorama "Buffered Log Forwarding from Device" which tells the firewall to buffer its logs in the case of loss of connectivity with Panorama. Does anyone know if there is an equivalent feature when sending logs from firewalls to Cortex Data Lake? I'm not seeing anything in docum...

Use Case and Purpose of xdrhealth.exe

Recently I have noticed that there is another folder which has been created under the PA Cortex folder as below: "C:\Program Files\Palo Alto Networks\Cortex XDR Health Helper" Inside the folder there is a PE which is xdrhealth.exe. What is the purpose of this EXE? Is there any documentation which can be used for understanding its purpose? From the nam...

Create a correlation between xdr agent and palo alto url filtering

Hi, I need to get the correlation between URLs that are being accessed and found through URL filtering in the PA FW and the XDR agent that shows me which machines are accessing this URL. In Cortex XDR I can see the log from the PA Firewall: source IP is our internal DNS and destination is the malicious URL, and I need to know who is doing this query, whic...

Anti-ransomware aggressive mode files backup issues

Hi to everyone. We have the anti-ransomware feature set in "aggressive mode". The aggressive mode files cause the backup software of PCs to fail, and thousands of "There was a general error processing this file. Please retry it and if the problem persists, contact your system administrator." issues per computer in the backup console. Is there a...

Uninstalling Cortex XDR

Hi All, The customer is trying to uninstall the old agent version as they are not reporting to the console and installing the latest version. There are 1000+ machines in the infra and they are planning to do this via a centralized tool. Please suggest a feasible way of performing this activity. Also is there an uninstallation command that ...

XQL Query: Issue with arrayindexof() function in host_inventory dataset

Whenever we use the arrayindexof() function with the host_inventory dataset we get an error (Failed to run), whereas when we run it with the xdr_data dataset we get a success response message. Please run the below XQL query: (Status == Success) config case_sensitive = false | dataset = xdr_data | alter sampleArray = arraycreate("ABC","DEF","GHI","JKL"...

How to find the Cortex XDR client Policy Profile name from Windows without Local Admin

As different Cortex XDR Policy profiles can be pushed to different users, it is sometimes required to find out what the current XDR Policy Profile used by a particular endpoint is. If the endpoint has local administrator privilege, we could just search in the *.ldb files in the following folder for the name of the profile used. C:\ProgramData\Cy...

tingmy by L1 Bithead
  • 3165 Views
  • 2 replies
  • 0 Likes

Please share your useful XQL queries!

Hello! As a beginner with Cortex XDR I asked myself what the interests of others are in the query section. If you have some interesting and useful queries, please share and describe them in a short way. Thank you! BR Rob

Cyber1985 by L3 Networker
  • 12877 Views
  • 4 replies
  • 2 Likes

Resolved! Support File Password

We used to be able to access endpoint files and now the zip is asking for a password. Is this the 'admin password' setup under agent settings?

eumbach by L3 Networker
  • 6658 Views
  • 1 replies
  • 0 Likes