Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Cortex XDR Hardware Requirements

Hi All,

Below are the hardware requirements mentioned in the palo alto documentation to install Cortex XDR on a linux machine. Could you please confirm if this RAM (4Gb/8GB) and Hard disk space (10GB) mentioned is needed as the total minimum RAM/hard

...

How to Filter Alerts/Incidents by IP address?

I am trying to correlate exfiltration & port scanning incidents to identify patterns pertaining to a specific IP address to build exceptions or exclusion's for false-positives. They are not our assets, but an IP we communicate with frequently. The fi

...

Resolved! Increasing severity for certain critical hosts or visible tagging

Is there a way to make certain server hosts show as critical servers? We have a certain amount of servers we'd like any incident related to them be automatically a critical or high alert when XDR creates an incident for them. I've created say a "Crit

...

XDR 8.2.1 on domain controllers keeps disconnecting from tenant

Hi all, we are observing this behaviour on some domain controllers where xdr agents losing connection to tenant and the only way-out is to remove them via xdr cleaner and reinstall, only to fail again in a bunch of days.

We are out of ideas, obviousl

...

Resolved! Cortex WIndows ulnerability assessment

"A few months ago, I heard that Cortex only detected application vulnerabilities on Linux, but on Windows, it only detected OS vulnerabilities. Is this issue resolved now, and does Cortex detect application vulnerabilities on Windows?"

Resolved! Cortex XDR Ransomware Protection: Aggressive mode & Resource Optimization

Hello Community,

I have a question regarding Cortex XDR in Aggressive Mode. During my testing, I noticed that it significantly impacts my machine's performance, as the Cortex XDR agent continuously analyzes the behavior of benign software, such as

...

Resolved! Creation Rules or Policy

Greatings everybody

I´d like to know how can I create rules or policy for block bitorrent and torrent.

Resolved! Cortex XDR

How to Create a child tenant in cortex XDR??

I created the Parent Tenant and its activated but there is no option to create the child tenant!!

Cortex XDR Cortex XSOAR

Ingest AWS GuardDuty logs

Dear community,

I'm seeking help to ingest AWS Guardduty logs into Cortex XDR.

I did check the documentation and only found the method to ingest AWS assets, Flow log via S3 and Route53 via S3.
I don't mind the AWS guardduty logs is not normalized,

...

Resolved! XQL: How to find events from multiple host

Hi,

We need an XQL query that can identify events from multiple host that we define in the query.

Thank you.

Cortex XDR Agent Installation in Broker VM Base Linux OS

Hi Team,

We have Broker VM's in our environment, and they are hosted in the Esxi and are Linux Servers.

Do we need to install Cortex XDR Agent in the Base OS also?

Resolved! Is it possible to trigger insights collection on multiple hosts?

Hi,

I know that I can go to Endpoint Data -> Open Asset View -> Open Asset View in new tab and then use "Run Insight collection" but from time to time I need to do this on around 50 hosts so this option is not really practical. I wasn't able to find

...

Resolved! no alerts no incident

Hi everyone, i have an issue. Cortex receives data from data sources (endpoints, servers etc) but i can not see alerts and incidents. My dashbord shows 0 alert and 0 incident. Who could help to me?

Agent update failed

3 computers failed to update the agent,current version 8.4.1.53273 and target version is 8.5.0.624. PC1 Additional Date：Windows Installer DB: Extra reference(s) to agent component(s); PC2 Additional Date：Windows Installer DB: Current agent registr...

Configuring alerts in Cortex XDR to prevent incident generation

Hello,

I want to configure certain NGFW alerts in Cortex XDR so that they no longer generate incidents based on criteria such as the alert name, source zone, and destination zone. I do not want to completely hide the alert with an "Alert Exclusion"

...