Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4358 Views
  • 0 replies
  • 3 Likes

Latest Use Cases

Hello Team, Can you please help us with some latest use cases? And, if possible, industry-specific use cases focusing on the finance sector. Also, how to fine-tune similar kinds of incidents? Tried to whitelist the exe but incidents still trigger.

Issue while installing XDR on Linux Server

Hello, Even after installing Cortex XDR on a Linux server, it is not reflecting on the console. We have tried cytool reconnect force, we checked that it is compatible (it is compatible), and we tried the runtime stop/start command as well. The services dypd, analyzerd and ited are not in running state no matter what we do. Please help in resolution of this issue. Regar...

Malware scan in cortex xdr

What is the difference between canceled scan, pending cancellation and pending scan with respect to endpoint scanning?

None: No scan initiated
Pending - Scan was initiated, waiting for action to reach endpoint
In Progress - Scan is in progress
Success - Scan completed
Pending Cancellation - Scan was aborted, waiting for action to reach endpoint
Canceled-...

Cortex XDR - File Exceptions

Hello, Could you please help us to understand a few queries related to exceptions:

1. How do we create global exceptions for the file paths?
2. Will adding exceptions for the files in the endpoint scanning module of the profile only exclude these files from scanning, or is this exclusion also applicable to other modules?

Global Exceptions

Hello, We need to add global exceptions on the paths. Currently we have added file paths in the endpoint scanning allow list. So can you confirm: if we exclude in this scan, is it applicable to other profiles like Portable Executable and DLL Examination, Anti Webshell Protection, Global Behavioral Threat Protection Rules, etc.?

Resolved! Cortex XDR Pro - Uploading IOCs - also working retrospectively?

Hello dear community, I've read something about uploading IOCs and I would like to know if they also work retrospectively. How else? Do I create/upload an IOC and these will only be triggered when this IOC is seen in the future? Here is some information from the documentation. But like you can see: BR Rob

RFeyertag by L4 Transporter
  • 2679 Views
  • 2 replies
  • 0 Likes

Cortex XDR Blockage activity

If any needed executables were blocked by XDR, previously we used to add that ***.exe in the malware profile. But now we face the issue that a client has connected ClickShare (PC screen share) equipment, as it's external equipment connected to the USB of the machine. How can we add that .exe to the exception list so it works on the machine? It's not wor...

Resolved! XQL to get characters from Host Name

Hello All: Our host_names are formatted the same across our fleet. I'd like to pull out the 5-8 characters in the hostname. We've tried using trim, ltrim and rtrim, and even with them nested. Any suggestions? In this example WX260920162Q2R we want to pull out 0920. Thanks!

  • 2599 Posts
  • 98 Subscriptions