Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4322 Views
  • 0 replies
  • 3 Likes

Resolved! Application Whitelisting (like Applocker, WDAC/MDAC, Airlock Digital) with Cortex XDR Pro?

Hello dear community, we would like to know if there will be a functionality in the future like AppLocker or MDAC for whitelisting applications/scripts/etc. If they are not in our WL, they cannot be executed and we get an information/alert. This is a very useful feature in the cybersecurity world and we need to know, if we get this done ...

RFeyertag by L4 Transporter
  • 4713 Views
  • 2 replies
  • 0 Likes

Resolved! Filter incidents on action in Cortex XDR

Hello, I would like to filter incidents on what kind of actions have been taken. Is this available or should I make a feature request somehow? I.e. filter on all incidents containing alerts that have prevented as action. Or filter out any where the action is allowed. Best regards/Elisabeth

Resolved! Cortex XQL incident query

Hello PAN community!! I'm new in this platform and I am a little lost here. I'm trying to create a query to list all endpoints of a specific endpoint group with all its incidents (malware, etc.). To get the endpoint group and its endpoints I'm using

dataset = endpoints | fields group_names, endpoint_name

But I have no idea where to find the alert ca...

rcamposb by L0 Member
  • 4209 Views
  • 2 replies
  • 0 Likes

Cortex XDR: False Positive detection of VulnDetect scripts

Hi, A number of our customers have complained about our signed PowerShell scripts being flagged and, in some cases, blocked by Cortex XDR. The scripts in question can be found here: https://stream.vulndetect.com/e/task.ps1 https://stream.vulndetect.com/e/functions.ps1 https://stream.vulndetect.com/e/VulnDetectMaintenance.ps1 Other than sign...

Host Firewall

Hello Team, We intend to enable the Host Firewall feature in the Cortex XDR. Please give us a brief overview of how this feature works.

Not able to set Proxy for Windows 2012 servers

Hello, We are unable to see a few servers in our endpoint list. But the user confirmed it has Cortex installed on it and it is also enabled. Particularly for Windows 2012 servers, we're not able to set the proxy, and for some hosts the last seen connected date is being shown as a previous date. Kindly suggest how we can set the proxy for these servers.

Agents Intermittently Disappearing in Cortex XDR Then Shows Up

Hi, Some Agents in Cortex XDR disappear then show up after a few days - no pattern at all. If my understanding is correct, if the Agents are disconnected or there's a connection lost, the Endpoint Status column will dictate it. But the Agents in question are not. As in they're like "ghosts" that show up then after some time disappear. Wha...

katiea by L1 Bithead
  • 4501 Views
  • 8 replies
  • 0 Likes

Operational status unprotected with error message running without valid content

Related to Cortex XDR, we are observing operational status as unprotected for some endpoints, and the error says running without valid content. But at the same time we also observed some of the agents running on the latest agent version also having this error (running without valid content). How do we get the hosts in protected operational status...

Resolved! A question from the Endpoint Administration Part 2 webinar: Alert ID

We often notice alert_id out of the numerical order, chronologically, sometimes way off. It appears like XDR is detecting something later and assigning an older timestamp but a new alert_id to detection. Can someone provide some detail/explanation on this observed behavior? Note: This question was asked during a customer success webinar: Endpo...

rtsedaka by L6 Presenter
  • 4365 Views
  • 3 replies
  • 0 Likes

Resolved! Exclusion criteria import

Hi all. Does anyone know of a way - or a work around for the following situation. I have a long list (about 700) IPs that I want to create an alert exclusion from. These are external scanners that our firewall blocks and we get a large amount of alerts because of this. I would like to create an alert exclusion so we no longer have to deal wi...

Pop-up Blocked Alert Not Displaying Blocked File

Hello, A client received a pop-up blocked alert because a suspicious executable was found on their machine. When the client went to view more details, the executable that was blocked was never displayed in the details information. Why is that? By the way this was a post detection blocked Cortex XDR alert. I have attached a screenshot of the al...

Cortex XDR agents upgrade

Hello everybody, Is Cortex XDR agents auto upgrade recommended? We enabled agent auto upgrade at the moment. But we worry this can cause some problems in future. Can anybody give suggestions about this situation? Thanks.

  • 2589 Posts
  • 95 Subscriptions