Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
We have configured checkpoint firewall CEF log forwarding to Cortex XDR. Please provide a sample field for CEF-formatted logs.
Hello, everyone
Does anyone know how to use the SSH command to execute commands to the Broker VM, so that the Broker VM can start the Local Agent Settings service even when it cannot connect to the Paloalto Cloud Console.
Because we have customers
...
Hi everyone !
I'm a beginner on CORTEX XDR, and need some help for 2 things !
- First, my client want to know if it's possible to schedule a Malware Scan based on the CPU use. I mean, they have around 500 computers, which are used in so many differen
...
Is there a comprehensive document containing all the datasets that are currently available? We've noticed that datasets such as "incidents_artifacts" or "incidents" are not displayed in the autofill text in XQL. We would greatly appreciate having a c
...
I have recently encountered a unique use case; we are working with a PT Automation System in which PT attacks are simulated on endpoints within the organization. This is causing quite a ruckus on the XDR tenant as expected in terms of alerts. Is ther
...
We are currently having an issue with our database disk images being blocked that are set on rotation cycles. The file name and the hash changes incrementally. All our disk images are signed, using a certificate by the issuer; this was used previousl
...
Hello
I've a broker VM that is offline in Cortex XDR, do I need to remove the offline broker VM from Cortex XDR then register it?
There is an option Response Action under agent configuration, which means we can allow access to a certain application in case the endpoint is isolated.
Which application access should ideally be provided in it.
Thanks
Hello Team,
Could you please provide the benefits of Network Location Files in restriction profile.
I have seen alerts screenshot on internet where an alert triggered after matching a Yara rules.
https://attackevals.mitre-engenuity.org/enterprise/participants/paloaltonetworks?adversary=carbanak-fin7&view=results&scenario=1
(Fourth Screenshot)
Does C
...
Hi All,
Can XDR be installed on VM deployed via Azure marketplace images?
Thanks
All,
Trying to write a XQL query to search for this Windows command line when executed. Can anyone tell me how to distinguish the command line parameters "domain computers" in XQL? Thanks.
actor_process_command_line = "%systemroot%\system32\net.exe
...
Hello ,
Does anyone know the difference between the Malware scan initiated from console and Scan initiated by user locally for all drive? Does cortex XDR also scans the memory and registries in the full scan initiated? and how long it should take a
...
We have concerns about the Evil Extractor malware posted here: https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer
I have not been able to find anything on the PA Cortex or Firewall Pages and need to get information back to
User | Count |
---|---|
9 | |
3 | |
3 | |
2 | |
2 |
Subject | Likes |
---|---|
2 Likes | |
2 Likes | |
2 Likes | |
2 Likes | |
2 Likes |
User | Likes Count |
---|---|
6 | |
6 | |
5 | |
2 | |
2 |