This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4327 Views
  • 0 replies
  • 3 Likes

Alerts on Cortex XDR Console

Hello, What is the importance of alerts in cortex XDR? Do we need to work on all the alerts, as we get overwhelmed by the number of alerts. What is the best practice to fine-tune the alerts so that no important alerts are missed.Is there any documentation available for related to the handling of alerts in Cortex XDR.

First SSO access from an uncommon ASN by user

Hello everyone,Recently we started getting these types of incidents in our SOC team for Cortex XDR.It shows that the user connected with SSO using this ASN.However, it says that the ASN 263461 is suspicious but we can't verify it with lookup tool.Any idea how to investigate this properly?Alert info: The user successfully authenticated via SSO....

Resolved! Windows OS issues with Cortex XDR enabled

A technician is claiming that after downloading XDR 7.6.1, the Windows start menu is not working. If he disables XDR, it works again. If he enables XDR, it stops working again. Has anyone else seen or heard of similar issues?

pdysart by L1 Bithead
  • 4059 Views
  • 2 replies
  • 0 Likes

Resolved! Installed Linux Servers not reflecting in Endpoint

Hello , There are a few Linux servers in which cortex XDR was deployed but it is not getting reflected in our endpoint. Performed check-in using the below command for the servers: root@ubuntu:~$ /opt/traps/bin/cytool checkin and configured the proxy (Broker VM) on the server using the below command /opt/traps/bin/cytool proxy set IP...

Parsing out VLANS from netflow collection

In Cortex XDR I'm trying to figure out how to create a parsing rule that will allow me to drop anything from certain VLAN's prior to it ingesting. Trying to use the Collect and filter but can't seem to figure out how to exclude a VLAN without having to specifiy each network individually which would lead to a mess to look at having so many neste...

XQL Query to list top process causing issues

Dear All, I would like to know how to build a query to troubleshoot issues on a host where I wanted to list the processes running on the host and also to identify which is causing the issue. I am writing the below query to find no details, please help. preset = xdr_process| filter agent_hostname contains "Host1" or agent_hostname contains "H...

VenuK by L2 Linker
  • 2244 Views
  • 1 replies
  • 0 Likes

Resolved! Server got rebooted due to Memory Dump issue

Hello, One of the servers got rebooted due to a memory dump. The server user checked with the Hardware OEM Dell and they have analyzed the minidump file and said that issue seems to be caused by Driver: cyvrfsfd.sys. When checked found that this file is related to Cortex XDR. Could you please confirm what is the use of this driver and what a...

Adithi_D by L0 Member
  • 2077 Views
  • 1 replies
  • 0 Likes

NTA Dashboard

Hello all, My goal is ingesting the log from my Fortigate for correlation and analyses. I'm evaluating Pro per TB now, done the configuration already, actually, the log is receiving now. Found the new NTA Dashboard, however, it showed No Permission error for some of the Webget like "GB Sent and Received", "Actions", "Recent Threat", "Dail...

Cortex XDR Vulnerability Assessment - Linux Backporting Security Fixes

Dear community When using the Vulnerability Assessment with Linux hosts, the results may include a lot of false positives.Distributions which are backporting security fixes (CentOS / Debian) do may not change the App Version when they got patched.https://access.redhat.com/security/updates/backporting "Backporting has a number of advantages for c...

fb-pan by L2 Linker
  • 10903 Views
  • 12 replies
  • 0 Likes

Compile Payload Source Code Locally

Dear Team, We wanted to restrict compilers on our environment after a pentest resulted with Compile Payload Source Code Locally, we have common compilers like csc.exe and GCC/MinGW. We wanted to know how to identify any common suspicious behavior exe's along with the csc.exe and GCC/MinGW compilers, suggest me the best way to restrict the c...

VenuK by L2 Linker
  • 1838 Views
  • 2 replies
  • 0 Likes

Resolved! Need help creating a Host Firewall rule in Cortex XDR

Hi all. I am migrating from SEP host firewall to Cortex XDR host firewall. I have an existing rule in SEP to allow EAPoL, I need to know how to set up the same rule in Cortex XDR. In SEP, the protocol is specified as "Ethernet" with a protocol type of "0x888e". Cortex XDR does not have "Ethernet" for a protocol. What protocol do I use in Cortex ...

  • 2591 Posts
  • 97 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks