Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4322 Views
  • 0 replies
  • 3 Likes

Broker VM || SYSLOG APPLET

Hi All, We have deployed broker vm and enabled syslog applet and configured the broker vm ip as remote host in one of our linux server and IBM guardium database activity monitoring tool but we are unable to see the logs in the console. unkonwn_unknown_raw data not getting created, but when checked tcp dump in broker vm log received by the brok...

P.Balan by L0 Member
  • 1193 Views
  • 3 replies
  • 0 Likes

NSX Migration - Broker VM

In my organization we have machines that do not have direct internet access, and for that we use Broker VM. For infrastructure-related reasons, servers are being migrated from NSX. That team told me that to carry out this migration they will clone the virtual machine and then move it. That said, we would like to know whether this would cause probl...

XQL or API access to Vulnerability Assessments

Is it possible to access the vulnerability assessments via XQL and/or API? I've been tasked with looking at the possibility of taking the CVE lists from vulnerability assessment and matching them to MS KB. I don't want to be manually running reports or grabbing data so need to be able to get the data from Vulnerability Assessment in a scheduled w...

Delete detected infected file

We have malicious file detection on the clients. When they try to execute a task, Cortex blocks the action, but not the malicious file. Could we have any documentation on how to delete the detected malicious file? Thanks

Resolved! XDR Agent on CIE server

The title almost says it all - I found we don't have an XDR Agent on our Cloud Identity Engine server. Since even paranoids have enemies, is there any reason not to install the XDR Agent on that?

How to Identify Endpoints triggering Application Restriction Profile

We have created a restriction profile to block executing an application by specifying the exe path in the file path configuration. This profile has been applied to all our endpoint groups to enforce application blocking globally. We can view the number of times this restriction profile was triggered through the usage count, which gives an overvie...

Exploits Protection interfering with browser launch

Has anyone ever experienced an issue where, after installing the XDR agent on an endpoint (host), Microsoft Edge could no longer open? Here’s the situation: one of our customers installed the agent, and afterward, their laptop was unable to launch Edge — it would freeze on a blank startup screen. On-site, we found that disabling Browser Exploits...

Resolved! Regarding the End of Life for Broker VM

Is there an EOL for Broker VM? The following URL contains information about the end-of-life for Palo Alto products, but it does not appear to include any mention of the Broker VM. https://www.paloaltonetworks.com/services/support/end-of-life-announcements/end-of-life-summary I searched for other documents as well, but I was unable to find any ...

XQL How to get all users that haven't logged in in the past 30 days.

Hi, I'm having trouble putting together a query that'll grab me a list of users that haven't logged in within the past 30 days. So far I've got this, but I'm not even sure if it's the right approach, so I'm just a bit stuck: dataset = xdr_data // Using the xdr dataset | filter event_type = ENUM.EVENT_LOG and action_evtlog_event_id = 4624 // Fil...

Resolved! Deploying XDR Agent for Mac with InTune

Hi all, We're trying to bring our few Macs into the systems management fold, and being a Microsoft shop we want to use InTune to manage them. Most Mac packages install files and then are configured in a separate set of commands after install. The XDR Mac client needs the config.xml file in place beside the Cortex XDR.pkg file when installing. I'...

m455954 by L0 Member
  • 22847 Views
  • 16 replies
  • 1 Likes

Resolved! Stopped services Cortex 8.9.0.136780

Hi everyone, I deployed the Cortex 8.9.0.136780 installation on my SUSE 15SP3, but when the installation finishes many services are "STOPPED". I tried to fix it, but I'm unlucky. Can someone tell me if I did something wrong or if it is necessary to do something else? Cortex XDR Done[ 7] Starting Cortex XDR security services Name PID User Status Command pmd 1...

Cortex XDR triggers Code 10 on USB Audio despite exception - Vendor not selectable, need per-device allow without vendor or something

Environment
  • Endpoint OS: Windows 10/11 (latest patches)
  • Device: USB Audio (composite device, audio system)
  • Driver: wdma_usb.inf / service usbaudio.sys (MEDIA class)
  • Cortex XDR Agent: 8.9.0
  • Policy: Custom Device Control rule set (USB mass-storage = Block) with an exception intended for this audio device

Problem
  • With the Default Device Contro...

  • 2589 Posts
  • 95 Subscriptions