Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: all postings in LIVEcommunity are visible to other users; keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Endpoint Operational Status

Currently, our devices are in an unprotected state and a partially protected state due to disk consumption. Is the data in Cortex XDR incremental, or does it delete itself after some time? What is the possible solution for this issue? How do we differentiate whether the disk consumption error is because of a full disk on the user's system or whether it is becaus...

Protection against Hak5 tools incl. USB Rubber Ducky

Hello dear community, Does anyone of you have experience with the USB Rubber Ducky and Cortex XDR? Our supplier couldn't answer this from the beginning of the PoC (~1 year). Maybe the collective knowledge of a community like you can get this question answered faster? I would like to know how Cortex would stop it in a smart way. BR Rob

Cyber1985 by L3 Networker
  • 4200 Views
  • 2 replies
  • 0 Likes

Resolved! Cortex XDR PoC Lab ft. CVE-2021-3560

PoC Lab ft. CVE-2021-3560 By: @mfakhouri Table Of Contents Executive Summary What was CVE-2021-3560? What Does Privilege Escalation Entail? How is Polkit Supposed to Work? Cortex XDR at Play Overview of Lab Setup Script Adversary Motion and Vulnerability In Action Cortex XDR - Analytics Cortex XDR - The Correlation Rule Pivot Cortex ...

mfakhouri by L3 Networker
  • 11405 Views
  • 4 replies
  • 7 Likes

Resolved! Cortex uninstall/removal issues - remnants and files related to Cortex XDR are left on the hard drive and cannot be removed from the endpoint.

Dear LIVEcommunity Members, My customer is facing issues when trying to remove Cortex XDR. In short, uninstalling the software is not removing all the config, and it gets all the old settings back, like the broker and other things. We even used the command CLEAN_AGGRESIVLY=1, but it still comes back with the wrong broker and settings from the...

XQL query to find endpoints where X application is installed but not Y application

I need to find endpoints that have a certain application (Application1) installed but do not have another application (Application2) installed. The query below returns results that have either Application1 or Application2. I'm downloading the results and then using Excel to find the non-duplicates; is there any way for XQL to give me the results I need? config case_se...
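One way to express "has Application1 but not Application2" directly in XQL, as an added example that is not part of the original post or of Palo Alto Networks documentation: collapse the per-application rows to one row per host with `comp values()`, then keep only the hosts whose collected set contains Application1 alone. The dataset and field names used here (`host_inventory`, `agent_hostname`, `applications`, and the JSON key `name`) are assumptions; check the schema of your own tenant before running it.

```xql
// Added example, not from the original post. Dataset/field names are assumed;
// verify them against your tenant's schema.
dataset = host_inventory
// one row per (host, installed application) pair
| arrayexpand applications
| alter app_name = json_extract_scalar(applications, "$.name")
// keep only the two applications we care about
| filter app_name in ("Application1", "Application2")
// collapse back to one row per host, collecting which of the two are present
| comp values(app_name) as apps by agent_hostname
// a host with both installed has two entries; one with only Application2 fails the name check
| filter array_length(apps) = 1 and arrayindex(apps, 0) = "Application1"
| fields agent_hostname
```

The same pattern generalizes to any "present A, absent B" question: filter to the candidate values, aggregate per entity, and assert on the shape of the aggregated array rather than joining two result sets in a spreadsheet.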

AV Operations through XDR

Hello, 1. Please recommend the scanning period and best practices to achieve AV operations through XDR. 2. On what basis does the malware scanning take place? Is it signature based, hash based, etc.?

Cortex XDR Overall Security Score Dashboard and Incident Trend Analysis

Hello Team, Can you kindly assist with a template or guide on how to create a custom dashboard to show the overall company security index based on all incidents and open vulnerabilities created on the Cortex XDR Platform, and trends showing that there are significant improvements in alerts closed and vulnerabilities discovered by Host Insights ...

orufai by L0 Member
  • 2341 Views
  • 2 replies
  • 0 Likes

Unprotected & Partially Protected operational status in Linux servers

Hello, I noticed in the operational status that endpoints whose agent version is not upgraded show a status of protected, unprotected & partially protected. After reviewing the operational status data, I came across 6 unique issues on servers. They are as follows: 1. "Xdr Data Collection Not Running Or Not Sent: Linux kernel module detected repeated ungraceful shu...

Compliance Dashboard

Hello, We noticed that the new Compliance dashboard has been added in the XDR console, but we don't see any details. What is this dashboard related to and from where it is fetching the data.

Routing traffic towards Broker VM

Hi All, We have a Broker VM set up in our environment, and we only want the agents to communicate with the tenant through the Broker. However, we are seeing a few endpoints talking to the tenant directly over the internet. Although "proxy" is specified for all of these endpoints, the "last used proxy" field is empty for a few endpoints. Is there...

MithunKT by L2 Linker
  • 2606 Views
  • 1 replies
  • 0 Likes

issue connection to Cortex Data Lake

We are facing an issue connecting to Cortex Data Lake. The firewalls are connected to CDL, but we are unable to see the logs when the device is on the hub. It looks like the firewall is sending the logs, but we can't see them on the Explorer page. In addition, on the hub, we see the firewall is only partially connected.

Blocking of IOC in cortex XDR

How can IOCs be blocked in XDR so that we don't observe alerts or incidents related to them at all? When putting the hash of the IOC in the block list through the Action Center, it still triggers incidents and alerts. Is there any way, other than using an alert exclusion, to not see alerts at all related to the blocked IOC?
