Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Hi Guys,
In the Cortex XDR, we are getting an alert indicating Behavioral threat detected (rule: bioc.syscall.remote banker behavior). Although the file is blocked which is benign, the is no information related to the rule. Does anyone have a clear
...
Hi,
Can you provide me information on how cortex xdr agent perform real time threat detection ?
1. does it is detect when file is dowloaded and prevent from downloading ?
2. does it prevent file execution ?
I like to know the process, I am looking to ado
...
Hi All,
I have started facing an issue where whatever actions start via action centre, First it says "Pending" after that it turns to "In progress" status. and it stays there , It never shows status as "Completed successfully"
Just to test, I initiat
...
Hi Community,
Anybody has any information on the user 'cortexuser' created while installing cortex in Redhat Linux ?, What this user used for and which folders are owned by this user
Thanks in advance
Hi,
we are about to activate Cortex XDR agent with Default Policy Rules (i.e. Default Exploit, Malware, Restrictions, Agent settings and Exceptions profiles) on some Windows servers which contain a huge amount of data (terabytes).
Are there some reco
...
Hello,
Please excuse me if these are very basic questions. I have been trying to find a definitive, written answer and have been unable to, so far.
If
1. Portable Executable and DLL Examination is set to the default of 'block' in an applied Corte
...
Hello!
I set up Windows Event Collector and data is coming to XDR. But i want to see data which come from Windows Event collector. In which category this data located? How can i search Windows Event collector data in XQL?
THANKS!
Hello.
If Restrictions profile for Windows is default then they don`t directly affect windows endpoints. We must edit and and apply them for getting protection in endpoints. But in Linux it is not same. Even if Restriction profile is default, XDR can
...
Hello.
In XDR Broker VM i enable proxy server and configure as follows:
Type:HTTP
Address: 192.168.6.167
Port: 8080
But it is not work and in configuration status i see "in progress" even through 3-4 hours.
I want to know if is there anybody who configur
...
Hello,
We want to uninstall an agent from MacOS, but we do not have the admin password. And we can't reset the password because the tenant was deleted it. So the agent does not have administration from web console.
I try with "Passowrd1", it doesn't
...
We are in the process of updating our endpoint XDR agents from 7.2 to 7.3.1. We are testing on a small pilot group and finding that scripts and executables that we previously ran are now being blocked. Granted some these scripts are stopping and st
...
Hello!
My question is about Windows Event Collector.
Why we need Windows Event Collector? Don't XDR Agents collects all needed information from Windows endpoints? Can Windows Event Collector give us useful information than Agents?
We have some systems that are locked-down with software that prevents modifications to files/directories, and I'm wondering what are the paths that Cortex needs to be able to modify? For example, when it downloads the latest definitions, what does it
...
reaper
on:
NGFW User-ID and Terminal Server (TS) Agent Self-Signed Certificates expiration
| Subject | Likes |
|---|---|
| 1 Like | |
| 1 Like | |
| 1 Like | |
| 1 Like | |
| 1 Like |
| User | Likes Count |
|---|---|
| 3 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |
