Discussions
Resolved! Cortex XDR
We have configured checkpoint firewall CEF log forwarding to Cortex XDR. Please provide a sample field for CEF-formatted logs.
Resolved! When Broker VM cannot connect to Paloalto Cloud Console, how to enable its Local Agent Settings service
Hello, everyone
Does anyone know how to use the SSH command to execute commands to the Broker VM, so that the Broker VM can start the Local Agent Settings service even when it cannot connect to the Paloalto Cloud Console.
Because we have customers
...CORTEX XDR - Best practices
Hi everyone !
I'm a beginner on CORTEX XDR, and need some help for 2 things !
- First, my client want to know if it's possible to schedule a Malware Scan based on the CPU use. I mean, they have around 500 computers, which are used in so many differen
...Resolved! XQL datasets
Is there a comprehensive document containing all the datasets that are currently available? We've noticed that datasets such as "incidents_artifacts" or "incidents" are not displayed in the autofill text in XQL. We would greatly appreciate having a c
...Creating an Exception Rule for a PT Automation System
I have recently encountered a unique use case; we are working with a PT Automation System in which PT attacks are simulated on endpoints within the organization. This is causing quite a ruckus on the XDR tenant as expected in terms of alerts. Is ther
...Allow based on certifcate issuer?
We are currently having an issue with our database disk images being blocked that are set on rotation cycles. The file name and the hash changes incrementally. All our disk images are signed, using a certificate by the issuer; this was used previousl
...Resolved! Broker VM offline in Cortex XDR
Hello
I've a broker VM that is offline in Cortex XDR, do I need to remove the offline broker VM from Cortex XDR then register it?
Resolved! Response Action
There is an option Response Action under agent configuration, which means we can allow access to a certain application in case the endpoint is isolated.
Which application access should ideally be provided in it.
Thanks
Network Location Files in Restrictions Profile
Hello Team,
Could you please provide the benefits of Network Location Files in restriction profile.
Resolved! Yara Rules and Cortex XDR
I have seen alerts screenshot on internet where an alert triggered after matching a Yara rules.
https://attackevals.mitre-engenuity.org/enterprise/participants/paloaltonetworks?adversary=carbanak-fin7&view=results&scenario=1
(Fourth Screenshot)
Does C
...
Resolved! XDR Installation on Azure
Hi All,
Can XDR be installed on VM deployed via Azure marketplace images?
Thanks
Resolved! XQL Command Line Help
All,
Trying to write a XQL query to search for this Windows command line when executed. Can anyone tell me how to distinguish the command line parameters "domain computers" in XQL? Thanks.
actor_process_command_line = "%systemroot%\system32\net.exe
...Resolved! Cortex XDR malware scan
Hello ,
Does anyone know the difference between the Malware scan initiated from console and Scan initiated by user locally for all drive? Does cortex XDR also scans the memory and registries in the full scan initiated? and how long it should take a
...EvilExtractor
We have concerns about the Evil Extractor malware posted here: https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer
I have not been able to find anything on the PA Cortex or Firewall Pages and need to get information back to
