Alert/Incident handling process template
Hi All,
Does anyone have a sample template or document for a Cortex alert/incident management procedure?
Regards
Asif Siddiqui
For the past couple of days, we have received a low priority alert with the following params:
Source: XDR Agent
Category: Exploit
Action: Prevented (Blocked)
In researching the alert in the alert table, I have determined that the action is tied with a h
...
Hello Members,
Did anyone face any issue yet with the newly released Cortex XDR Agent version 7.3.0.16740? Like high CPU utilization, high disk I/O or any other performance factors?
Thanks
Is there a way to see the actual detection of the Analytics BIOC rules?
Normal BIOC rules I can open in the investigator, but these I cannot.
One of our VMs seems to have its performance really impacted when backups run on a file server. I do not readily see guidance for suggestions on how I might adjust Cortex XDR Prevent's settings to improve things since there is a fair amount of data
...
Palo Alto, I am having a problem with your program misclassifying my tool suite
Shut.Tools.1.81.docm
as a false positive. It's a VBA macro that has previously been clearing my Microsoft and utilises some MVP code. I depend on this to undertake my tasks
...
Hi
For the Broker VM, what is the admin password when you want to run a sudo command?
I'm currently running Broker 10.1.9
Thanks!
Hi all,
When I initiate a scan on a machine, the action for a malicious file is Detected (Scanned), but it is not getting quarantined, although we enabled quarantine of malicious files in Behavioral Threat Protection.
Anyone know the reason ?
Thank you,
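As an added example that is not part of this thread, Palo Alto's documentation or the Cortex XDR API, the following Python sketches the kind of alert-handling procedure the opening post asks for, run over alert records shaped like the ones quoted in the thread (Source / Category / Action from the "low priority alert" post, and the Detected-but-not-quarantined case above). The record layout, the severity and recurrence thresholds, the routing rules and the sample alerts are all assumptions made for illustration, not the product's schema or vendor guidance:

```python
"""Hypothetical alert-handling triage for an EDR alert feed.

Added example for this thread: NOT Palo Alto's template and NOT the
Cortex XDR API.  The record fields mirror the ones quoted in the thread
(Source, Category, Action); severity, host, indicator, the thresholds
and the routing rules are constructed assumptions.
"""
from dataclasses import dataclass, field

SEVERITY_RANK = {"low": 1, "medium": 2, "high": 3, "critical": 4}
PRIORITY_FOR_RANK = {4: "P1", 3: "P2", 2: "P3", 1: "P4"}
# Assumed policy: the same blocked alert repeating this many times is no
# longer "noise"; something keeps retrying, so it gets investigated.
RECURRENCE_THRESHOLD = 3


@dataclass(frozen=True)
class Alert:
    alert_id: str
    source: str      # e.g. "XDR Agent"
    category: str    # e.g. "Exploit", "Malware"
    action: str      # e.g. "Prevented (Blocked)", "Detected (Scanned)"
    severity: str    # "low" | "medium" | "high" | "critical"
    host: str
    indicator: str   # process or file the alert is keyed on (assumed field)


@dataclass
class Incident:
    key: tuple
    alerts: list = field(default_factory=list)
    priority: str = "P4"
    disposition: str = "triage"


def triage(alert: Alert) -> tuple[str, str]:
    """Return (priority, disposition) for one alert.

    Assumed rule of thumb: an alert the agent only *detected* (not blocked)
    still has a live artefact on the host, so it is raised one level and
    routed for manual containment.  A *prevented* alert is verified and
    closed unless its severity is already high or critical.
    """
    blocked = alert.action.lower().startswith("prevented")
    rank = SEVERITY_RANK.get(alert.severity.lower(), 1)
    if not blocked:
        rank = min(rank + 1, 4)
        disposition = "contain_manually"   # quarantine / isolate by hand
    else:
        disposition = "verify_and_close" if rank < 3 else "investigate"
    return PRIORITY_FOR_RANK[rank], disposition


def build_queue(alerts: list[Alert]) -> list[Incident]:
    """Aggregate alerts into incidents and order them for the analyst.

    Alerts with the same (host, category, indicator) are one incident; the
    incident takes the highest priority among its alerts.  A blocked alert
    that recurs RECURRENCE_THRESHOLD times or more is re-routed from
    "verify_and_close" to "investigate_recurrence".
    """
    incidents: dict[tuple, Incident] = {}
    for a in alerts:
        key = (a.host, a.category, a.indicator)
        inc = incidents.setdefault(key, Incident(key=key))
        inc.alerts.append(a)
        prio, disp = triage(a)
        # "P1" < "P4" lexically, so '<' picks the more urgent priority.
        if inc.disposition == "triage" or prio < inc.priority:
            inc.priority, inc.disposition = prio, disp
    for inc in incidents.values():
        if (len(inc.alerts) >= RECURRENCE_THRESHOLD
                and inc.disposition == "verify_and_close"):
            inc.disposition = "investigate_recurrence"
    return sorted(incidents.values(), key=lambda i: i.priority)


# Constructed sample alerts (not real telemetry): the same low-severity
# blocked exploit attempt on three days, plus one detected-but-not-blocked
# malware hit on a file server.
SAMPLE_ALERTS = [
    Alert("a-001", "XDR Agent", "Exploit", "Prevented (Blocked)", "low", "WS-01", "winword.exe"),
    Alert("a-002", "XDR Agent", "Exploit", "Prevented (Blocked)", "low", "WS-01", "winword.exe"),
    Alert("a-003", "XDR Agent", "Exploit", "Prevented (Blocked)", "low", "WS-01", "winword.exe"),
    Alert("a-004", "XDR Agent", "Malware", "Detected (Scanned)", "medium", "FS-02", "tool.docm"),
]

if __name__ == "__main__":
    for inc in build_queue(SAMPLE_ALERTS):
        host, category, indicator = inc.key
        print(f"{inc.priority} {inc.disposition:24} {host} {category} {indicator} "
              f"x{len(inc.alerts)}")
```

Run as a script it prints the queue with the detected malware first (P2, contain manually) and the three identical blocked exploit alerts folded into one P4 incident flagged for recurrence investigation; the thresholds and routing are the part a team would replace with its own documented procedure.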
Hello PAN Community,
I am trying to import SSL certificates to the Broker VM. However, when I try to import the private key, it does not prompt me for the password. Does this mean I have to export the private key without a passphrase requirement?
Thanks.
D
I have a user (my boss) who is one of several endpoints with a status of 'Connection Lost'. I'm not actually able to ping him from the DNS server when he is plugged in to the network at work; the XDR portal reports two IP addresses which are probably
...
I have not found a way to export data from the Host Insights add-on; is this possible?
For example, the user list in Host Insights, exported to CSV/TSV.
Hello all,
We are moving from Symantec Endpoint Protection (SEP) to Cortex XDR. If you are not familiar with SEP, it has its own firewall built in. When active, Windows Defender only manages a few aspects of the firewall. Since moving to having Cortex
...
Hi,
Thought I would give livecommunity a shot on this. We have been looking into integrating several Cortex XDR instances into a single QRadar instance but have come across an issue where it does not seem to let us change the syslog identifier name o
...
Can Cortex XDR prevent the use of other USB devices other than Disk Drives, CD-Rom Drives, and Floppy Disk Drives? If one of my users plugs in a printer, can that be denied? Can the same be done with SD cards?
Hello!
On all our endpoints we are using XDR with firewall(Uses built in Windows firewall) and Palo Alto GlobalProtect VPN connecting to PanOS devices at our office. We use split tunneling for the VPN, that means that only specified traffic goes thro
...