This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 741 Views
  • 0 replies
  • 2 Likes

Interpreting alerts on XDR

Hi, The alerts on XDR and very much rigid and not readable even to the support personnel, whenever I raise a case they keep checking with other teams teams and higher support levels to get details, for example how to interpret the below, it says susp

...

eXtended Threat Hunting (XTH) Module

Hi team,

Got a renewal quotation with new XTH module.

Heard eXtended Threat Hunting (XTH) Module is about query the raw data for threat hunting.

Still not so sure what is the new module is used for?

What is the use case to purchase this lic in additi

...

Query: All vulnerabilities under 29 days

I created this query to identify all vulnerabilities under 29 days: 

 

dataset = va_cves
| alter days = timestamp_diff(current_time(),publication_date ,"DAY")
| filter days > 0 and days < 30
|arrayexpand affected_hosts

Is there a way to tie in IP Address

...

Arcon Onboarding of Broker VM's

Hi Team,

We are planning to on-board the broker vm's to arcon for which we need the hostname and the user id of these broker vm's. Could you please assist how to get these details for the broker vm's to get it onboarded to arcon. These broker vm's are

...

Resolved! BTD - PROCEXP152.SYS - Vulnerable Driver Loaded

Cortex blocked driver PROCEXP152.SYS from being loaded (rule: sync.vulnerable_driver_by_original_name_loaded_procexp)
The thing it that this is a signed microsoft driver and it's kind of a known situation for many other vendors.

Links: Process Explorer

...

Panagiss by L1 Bithead
  • 11286 Views
  • 2 replies
  • 0 Likes

UNKNOWN USB DEVICE tdevflt.sys

Hi, i´ve a USB port problem.

I´ve already update all the lenovo drivers both automatically and manually and it didn't work. The PC keeps blocking me the USB ports.

When i was looking for the solution, we tried to disable the cortex agent and after a

...

Broker Link

Hi, I need a method to identify endpoints in my environment that are not communicating or linked the broker but Cortex is installed, noting that those machines do not have internet access.

 

Thanks,

XDR Agent Auto Upgrade installer has timed out.

Hi everyone,

 

I have a customer who has configured the automatic upgrade of XDR Agent, when the new version is released, only a small number of Agents have completed the upgrade, a large number of Linux hosts have failed to upgrade, and the Last Upg

...

yuyangab by L1 Bithead
  • 2146 Views
  • 4 replies
  • 0 Likes

Resolved! Does Cortex XDR support encrypted macros?

Getting this Office warning when trying to open a file containing an encrypted macro.  Are they supported?  If they are then why does the MS Windows Antivirus API incorrectly report?

The host has Cortex XDR Agent 8.6.1 installed.

 

DanRoberts_0-1738314316381.png

XDR Grafana Auth error

Hi everyone,

 

i need your help, i've see all posts related with grafana and Cortex XDR and i've one problem.

 

When i try authenticate with API , using postman, and set enviroment, the post for get endpoints works...but grafana not work.

 

but when

...

tlmarques by L4 Transporter
  • 418 Views
  • 1 replies
  • 0 Likes

Unable to retrive downloaded exe's

Hello everyone,

 

I was trying to check all the downloaded exe's via firewall on all the endpoints in past 24hrs. I tried retrieving all downloaded exe's in downloads folder with the help of this query below. 

dataset = xdr_data
| filter event_type =

...

XDR & Java installs

With the upcoming Oracle Java license changes, I'm looking into using XQL to report on existing installs, and potentially a process based BIOC to block new installs which would incur a licensing fee. 

Anyone familiar with Java know how to differentiat

...

SearchHost.exe

Hello Everyone,

 

I am new to Cortex XDR. I wanted to ask what is searchHost.exe? and if it is safe when it generates alarm (level Medium) in Cortex XDR? If not then any recommendations?

 

Thanks

  • 2276 Posts
  • 86 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks