Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

xql query for process

Hi. I am just trying to do some basic threat hunting. dataset = xdr_data | filter action_process_image_name in ("a.exe", "b.exe") | fields agent_hostname, actor_effective_username, action_process_image_name, action_process_image_command_line, _time | sort desc _time. So I am trying to identify two different processes happening on the same endpoints. How to do...

T.Nurmi by L2 Linker
  • 1206 Views
  • 1 replies
  • 0 Likes

Resolved! Can Cortex XDR fully substitute for Microsoft Defender Attack Surface Reduction (ASR) rules?

Hello Cortex XDR Community, We are in the process of transitioning our endpoint security stack and are using Cortex XDR as our primary AV/EDR solution, with Microsoft Defender offboarded. Our goal is to have a single, fully functional security control plane within Cortex. We have a detailed set of Microsoft Defender Attack Surface Reduction (ASR...

atief by L0 Member
  • 2994 Views
  • 1 replies
  • 0 Likes

Cortex XDR marketplace

"I recently installed the Microsoft Teams add-on in the Cortex XDR marketplace, but I'm not sure how to configure it or where to navigate. After adding the add-on, where can I find it and how can I use it?"

Cortex XDR update from V3 to V4

Hello everyone! Hope you're doing great. This week on my Cortex XDR console a notification appeared saying that an update to V4 of the tenant is available. That sounds great, but I'm concerned about the impact on my already deployed agents. Are they going to be disconnected, and would another deployment be necessary? Has anyone h...


Resolved! Cortex XDR - API Automation

Hello, I am currently trying to code a script with the Cortex API in order to check the version of the latest available agent. I am talking about the precise agent version, not like 5.X but the 5.X.XXXX. I haven't seen anything in their actual documentation; perhaps I missed something. Hope someone can help me out. Thanks a lot!

Monitoring PowerShell Command

Hello everyone! I received an alert about PowerShell with the DCSync rule. I'd like to check if I can see the code that PowerShell executed. I can only see the "PowerShell_ise.exe" process. I don't know what code or command generated the alert. There is a possibility that it is script code, but I would like to identify it better.

reminder for subscription renewal

I would like to know if any reminder process is in place for upcoming subscription renewals. We had a Cortex EDR subscription, and the subscription didn't generate any warnings (neither visually within the portal nor via an email) and silently went dead; we found out when the EDR portal didn't allow us to log in. I couldn't even create a case...

balpay by L0 Member
  • 715 Views
  • 1 replies
  • 0 Likes

Storage Device Management

We are in the process of blocking USB Storage devices using Cortex XDR. We have the Device Configuration Extension Policy setup with the settings we want. The issue that we have is that it can only be Allowed or Blocked. How can we set to just monitor at first? This way, we can watch the Device Control violations list for any storage devices tha...

Broker VM || SYSLOG APPLET

Hi All, we have deployed the Broker VM and enabled the syslog applet, and configured the Broker VM IP as the remote host on one of our Linux servers and on the IBM Guardium database activity monitoring tool, but we are unable to see the logs in the console. The unknown_unknown_raw dataset is not getting created, but when we checked a tcpdump on the Broker VM, the logs were received by the brok...

P.Balan by L0 Member
  • 1268 Views
  • 3 replies
  • 0 Likes

NSX Migration - Broker VM

In my organization we have machines that have no direct internet access, and for that we use Broker VM. For infrastructure-related reasons, NSX servers are being migrated. That team told me that to carry out this migration they will clone the virtual machine and then move it. That said, we would like to know whether this would cause probl...

XQL or API access to Vulnerability Assessments

Is it possible to access the vulnerability assessments via XQL and/or API? I've been tasked with looking at the possibility of taking the CVE lists from vulnerability assessment and matching them to MS KBs. I don't want to be manually running reports or grabbing data, so I need to be able to get the data from Vulnerability Assessment in a scheduled w...
