Resolved! Cortex XDR device control exceptions
Hi all,
I've a question about device control exceptions:
How do I exclude specific phones? Do I enter the manufacturer and then the phone's serial number?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Hi all, I've a few questions about the Linux agent:
- Are there any special permissions that I need to give the agent?
- What to do if I have an agent that doesn't want to check in with the server? The PC is on, the service is up, and I did a manual chec
...
Our client has recently purchased the Cortex Data Lake license and we are trying to set this up for them. The firewalls are on version 10.0.7 and have valid certificates but under "Device -> Licenses", we do not see a license for Cortex Data Lake de
...
Hi,
I seemingly have a problem with the XDR agents installed on Ubuntu workstations - I get "local malware analysis" alerts on seemingly benign programs and executables such as Chrome, VS Code, systemd and such.
WF shows either benign or unknown.
Proble
...
Hi everyone
From the Ingest Logs from Elasticsearch Filebeat documentation, it mentioned "use the broker VM to proxy Filebeat communication". May I know how to configure the broker VM as proxy for Filebeat communication?
LIVEcommunity’s latest Ask Me Anything (AMA) session is all about Education Services Training and Credentialing opportunities for all things Cortex! From digital learnings and instructor-led trainings to the first-ever Cortex XDR certification, this
...
Hello
I see that OSX 12.X Monterey is currently not supported by any XDR agents. Is there an indication when this may be likely in the road map?
I have several users eager to update
We're in a situation where HQ has moved to Cortex XDR, at the satellite facilities, there are PC/Laptops that never touches HQ network and are often standalone systems or is on a completely separate domain and those domain is to never communicate with
...
I am having issues with an endpoint connecting to the Cortex XDR dashboard,
The Cortex XDR console from within the OS is showing as 'Enabled' however it is disconnected from the endpoint administrator console.
I have attempted to restart the services usi
...
Hi,
We received a PA notification about Microsoft Windows 10 version 21H2 running on specific hardware architectures are incompatible with a security engine in Cortex XDR agent 7.0.0 – 7.4.0.
In our case we have the following scenario:
- Cortex agent
Hi Expert,
I want to ask about disk encryption. I already followed the guide from Palo to create a disk encryption policy.
But after I checked, my volume device is still the same, and the status is Not Compliant.
Please give me advice on this.
Hi all, I was wondering - can I block execution of files based on BIOC/IOC and/or file name?
As in, not just raise an alert (which I already have) but also actively block the file execution
We use a vulnerability scanner internally to test all endpoints for any known vulnerabilities or leaked credentials.
Cortex has been alerting to this, but since we know this is intentional traffic, is there a way to ignore certain authentication requ
...
Hi all,
I'm trying to run checks on my Mac, which has a Cortex XDR agent, trying to see how the blocking & quarantine functions before setting the policy to all endpoints in my organization.
However, EICAR files, and the test file that Palo Alto provides
...
Hello everybody.
I want to know if we can initiate a live terminal session over Broker VM (our agents don't have internet access so they use Broker VM).
1) In documentation Palo Alto says that network requirements for Broker VM are these:
- br-<X
...