Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Best way to exclude legitimate behaviours

When it comes to excluding legitimate behaviours from BIOC rules, as far as I can see, there are 3 options:

  1. Modify the BIOC rule itself adding "not equal to" logic.
  2. Add BIOC rule exclusion at https://<organisation>.xdr.eu.paloaltonetworks.com/rules/exc
...

Cortex XDR Prevent Specific Questions

We are using Cortex XDR Prevent 

 

1) I see many places the word 'rules' and 'rule exception' is used , I assume this option or feature is not available in Cortex XDR Prevent as I do not see it in the menus/blades .I guess its a 'Pro' edition feature .

...

Balaraju by L2 Linker
  • 1287 Views
  • 2 replies
  • 0 Likes

Modify Alerts Going to An Endpoint Group

 

Hello all,

I have setup an endpoint group of high profile laptops.  I would like the following configured on XDR.

 

- Prefix all Incident names going to endpoints in that group with "VIP Endpoint [Incident Name] (e.g. VIP Endpoint Wildfire Malware Dete

...

How most decisions are made by Cortex XDR ?

Greetings ,

 

I am using Cortex XDR Prevent and keen to know how most decisions are made by Cortex XDR about File/process/macro being malicious or not ?  So assume there are no Hash exceptions and need to know if below is true :

- First Wildfire cache i

...

Balaraju by L2 Linker
  • 929 Views
  • 1 replies
  • 0 Likes
Top Liked Authors