This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 474 Views
  • 0 replies
  • 2 Likes

Resolved! Cortex XDR Agent rollout strategy

We will be rolling out to production soon and we need to have full AV protection while Cortex XDR is in monitor mode for up to 2 weeks. The previous Cylance AV agent must be uninstalled prior to the Cortex agent being installed so running in parallel

...

Log4j batch file execution

Hi All.

 

From the Palo alto advisory as per below, we have to run a batch file via our SCCM tool. But I need to understand what version of log4j we are using on our Cortex. How can we find out , Please help

 

To ensure you disable message lookup, follow

...

AsifSid by L2 Linker
  • 2789 Views
  • 3 replies
  • 1 Likes

XDR install not connecting

After getting a Tech Coordinator to remove the old Traps version, she rebooted, and downloaded and installed XDR version 7.5 that I had sent to her. However it shows it is disabled and will not connect to the server. Any advice?

 

pdysart_0-1640196661324.png
pdysart by L1 Bithead
  • 2525 Views
  • 2 replies
  • 0 Likes

Resolved! Cortex Xdr Cytool Linux Force Reconnect

hi ,

I'm trying to create a Python script that I can run from management
to change the Installation Package value,
something like this;

import os

os.system('/opt/traps/bin/cytool reconnect force ecXXXXXXXXXXXX5efdbe920')

I was already able to create one li

...

Resolved! Is it possible to search for Macros in Cortex?

Can Cortex see if macros have been launched on an endpoint, specifically Office Macros? 

I tried the "All Actions" query and searched for .doc and .xls files but no luck. 

 

Has anyone tried to search for macros using Cortex query or xql? 

 

Just to clari

...

Cortex agent got uninstall automatically

Hi All,

 

Last night Cortex agent got uninstalled automatically on my system and then I had to install it back manually. There are no logs in agent audit logs for this in cortex console.

 

We need to find out why this was uninstalled automatically. Will

...

AsifSid by L2 Linker
  • 2550 Views
  • 2 replies
  • 0 Likes

Problems installing Cortex XDR to a user

Hello Palo Alto Team.

 

When installing Cortex XDR on a user, we must disable Windows Anti-Tampering, due to the following error:

 

 

If Windows Anti-Tampering is disabled, we still have installation problems.

 

 

Operating system name: Microsoft Windows 10

...

irissentinel_0-1637154458742.png
irissentinel_2-1637154670760.png

Cortex XDR high RAM usage

Hello everybody,

 

  We have a problem with RAM usage of our Cortex XDR agents. We have seen this issue about 7-8 endpoints for 2 moth. Ram usage of our endpoints increased up to 2 GB. it seems this is not agent version related problem. Because today w

...

Resolved! Cortex XDR Broker VM questions

Hi All,

 

Can anyone answer a few questions about Cortex XDR Broker VM?

 

If the Broker VM is being used as a proxy, do the hosts connecting to the Broker VM need to be on the same subnet as the Broker VM or can they communicate with the Broker VM via th

...

Ben-Price by L4 Transporter
  • 3379 Views
  • 1 replies
  • 0 Likes

BrokerVM proxy configuration error

hello, 

 

i'm facing this issue when i try to configure the ip addresse of the proxy so i can send logs throught brokerVM: 

C:\Program Files\Palo Alto Networks\Traps>cytool proxy set "X.X.X.X:YY"

Enter supervisor password:

RpcClient: SendRequest: Error 13

...

NCherbib by L2 Linker
  • 4313 Views
  • 3 replies
  • 0 Likes
  • 2231 Posts
  • 86 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks