This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4322 Views
  • 0 replies
  • 3 Likes

Execute a program in my endpoint from live terminal Cortex XDR

Hi everyone, has anyone tried to execute a program in an endpoint from live terminal? I mean, when you are in the endpoint you can use a command like c:\notepad.exe in cmd and it opens notepad, I want to do the same but from the live terminal, I tried but I didn't have luck, it doesn't open the program. I really appreciate any help you can ...

Resolved! after cortex XDR 7.9.0.17288 upgrade endpoints in cortex XDR console got removed from existing dynamic group

Hi All, I have recently upgraded cortex XDR agent 7.9.0.17288 on few endpoints. After the successfull upgrade, i saw the endpoints which were upgraded with new version got removed from existing dynamic group. Those are still member the same group in AD, but not listing in the cortex XDR dymanic group. Is this expected behavior?

Cortex XDR folder exclusion - for Mac-Clients

How do i put a Folder on a Mac-Client in the Malware-Policiy-Profile into the Allow-List?For Windows-Clients, thats no big Problem, the Path always gets delivered with the Incident, but for Mac, the Path does not seem the Case, or, at least, i cannot put the Path into the Allow-List.Kind regards,Alex

Active Scanning on Endpoints

Hello, We intend to perform scheduled scanning on all endpoints. So we wondered if active scanning was required on all endpoints repeatedly, or if cortex developed its own scan whenever a new file was created or added to the system.

Cortex Filter on MacOS prevents internet connectivity

Hey everyone, We're having some issues with the most recent Agent Version on MacOS (7.9.0.2505). When some of our clients were upgraded to this version they suddenly lost internet connectivity. The only thing that worked for them was to remove Cortex XDR from under Settings -> Network -> Filters & Proxies, by pressing the minus but...

Mitre ATT&CK coverage

Hello dear Livecommunity, as you know, Cortex XDR is a very powerful peace of software and I am happy to use and administrate it. But I never doubt about coverage of the mitre attack patterns and I am a little bit upset, we need to get through this and setup our own rules for example TA 1219. There is no rule within. Has anyone of you got...

RFeyertag by L4 Transporter
  • 2054 Views
  • 2 replies
  • 0 Likes

Broker VM & SIEM

Hello folks. How we can forward Cortex Agent logs from Broker VM to SIEM systems? [agent] ====> [Broker VM] ====> [SIEM] Cortex XDR

CORTEX XDR

I want to add palo alto firewalls to cortex xdr do I need to add only panorama or do I need to add Indvidual firewalls to get alert do i need to use firewall mgmt. ip or panorama mgmt. ip we have more than 300 firewalls split into HWAN and LAN MFG

Query regarding malware scan

During initiating the malware scan on connected endpoints suppose the system moves to disconnected state for few days and the scan status starts showing in progress now. Could you please let us know the duration of the malware scan is applicable for such endpoints?

Whitelisting of Files

Hello, We are running periodic scan on all endpoints . During this scan few files has been detected .We have got confirmation that some of the files are legitimate and it's being used in infra. Can you please suggest in providing what is the best method to whitelist the safe and confirmed files .

Resolved! XQL Query help is required to narrow down our requirement

Dear All, We are trying to understand that, there are certain applications installed on a host by using the below query. preset = host_inventory_applications|filter endpoint_type = "AGENT_TYPE_WORKSTATION"|filter application_name in("Application A","application B", "Application C") | comp latest(report_timestamp) by endpoint_name, application_...

VenuK by L2 Linker
  • 2528 Views
  • 2 replies
  • 0 Likes

Block a digital signer?

Does anyone know if there is a way to block a digital signer? Or does anyone have any better ideas for blocking Wave Browser without blocking all of their ever-changing thousands of hashes?

enewman by L1 Bithead
  • 10617 Views
  • 6 replies
  • 2 Likes
  • 2588 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks