This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Cortex XDR update from V3 to V4

Hello everyone! Hope you're doing it great. This week on my cortex XDR console a notification appeared saying that an update to the V4 of the tenant is available. That sounds great, but I'm concerned about what's the impact on my already deployed agents. Are they going to be disconnected and another deploy would be necessary? Have anyone h...

cortex 4.png

Resolved! Cortex XDR - API Automation

Hello,I am currently trying to code a Script with Cortex API in order to check the version of the latest available Agent. I am talking the precise agent version not like 5.X but the 5.X.XXXX.I haven't seen anything in their actual documentation, perhaps I missed something.Hope someone can help me outThanks a lot!

Monitoring PowerShell Command

Hello everyone!I received an alert about PowerShell with the DCsync rule.I'd like to check if I can see the code that PowerShell executed. I can only see the "PowerShell_ise.exe" process. I don't know what code or command generated the alert. There is a possibility that it is a script code, but I would like to identify it better.

reminder for subscription renewal

I'd would like to to know if any reminder process is in place for up coming subcription renewals. We had a cortex edr subscription and the subcription didnt generate any warnings (neither visual within the portal nor a via an enail) and silently went dead and we found out when the edr portal didnt allow us to login. I couldnt event create a case...

balpay by L0 Member
  • 668 Views
  • 1 replies
  • 0 Likes

Storage Device Management

We are in the process of blocking USB Storage devices using Cortex XDR. We have the Device Configuration Extension Policy setup with the settings we want. The issue that we have is that it can only be Allowed or Blocked. How can we set to just monitor at first? This way, we can watch the Device Control violations list for any storage devices tha...

Broker VM || SYSLOG APPLET

Hi All, We have deployed broker vm and enabled syslog applet and configured the broker vm ip as remote host in one of our linux server and IBM guardium database activity monitoring tool but we are unable to see the logs in the console.unkonwn_unknown_raw data not getting created , but when checked tcp dump in broker vm log received by the brok...

P.Balan by L0 Member
  • 1176 Views
  • 3 replies
  • 0 Likes

Migración de NXS - Broker VM

En mi organización tenemos equipos que no tiene salida directa a internet, y para ello utilizamos Broker VM. Por temas asociados a Infraestructura, se están migrando servidores de NSX. Desde esa área me comentaron que para realizar esta migración, clonarán la máquina virtual y luego lo moverán. Dicho esto, quisiésemos saber si esto traería probl...

XQL or API access to Vulnerability Assessments

Is it possible to access the vulnerability assessments via XQL and/or API I've been tasked with looking at the possiblity of taking the CVE lists from vulnerability assessment and matching them to MS KB. I don't want to be manually running reports or grabbing data so need to be able to get the data from Vulnerability Asessment in a scheduled w...

Delete detected infected file

We have malicious file detection on the clients. When they try to execute a task, Cortex blocks the action, but not the malicious file. Could we have any documentation on how to delete the detected malicious file? Thanks

Resolved! XDR Agent on CIE server

The title almost says it all - I found we don't have an XDR Agent on our Cloud Identity Engine server. Since even paranoids have enemies, is there any reason not to install the XDR Agent on that?

How to Identify Endpoints triggering Application Restriction Profile

We have created a restriction profile to block executing an application by specifying the exe path in the file path configuration. This profile has been applied to all our endpoint groups to enforce application blocking globally.We can view the number of times this restriction profile was triggered through the usage count, which gives an overvie...

Exploits Protection interfering with browser launch

Has anyone ever experienced an issue where, after installing the XDR agent on an endpoint (host), Microsoft Edge could no longer open? Here’s the situation: one of our customers installed the agent, and afterward, their laptop was unable to launch Edge — it would freeze on a blank startup screen. On-site, we found that disabling Browser Exploits...

  • 2582 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks