This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

Cortex XDR not detecting malicious files

Hi ,Why Cortex XDR is not detecting malicious files which are present in system.for testing purpose I have downloaded a test malware also but it is not reflected after the malware scan.Can anyone please give clarity on this.Does Cortex detects malicious files only when they are executed ?Does Cortex XDR don't detect files which are not executed...

Block logs to Data Lake from specific endpoint

Hello, I have a case where logs are delivered to Data Lake from endpoint were we're unable to uninstall Cortex XDR agent. We also can't connect to this endpoint to take manual actions to stop receiving logs from it. Is there any way to block/prevent these endpoint uploading logs to the Data Lake? From my knowledge, we could implement Exclusion...

tntrust by L1 Bithead
  • 3123 Views
  • 4 replies
  • 0 Likes

Endpoint Operational Status

Currently, our devices are unprotected state and partially protected state due to disk consumption. Is the data in the cortex xdr incrementive or does it delete itself after sometime ? What is the possible solution for this issue ? How do we differentiate the disk consumption error is because of disk full in the user's system or is it becaus...

Protection against Hack5 tools incl. USB Rubber Ducky

Hello dear community, Has anyone of you expierience with usb rubber ducky and cortex xdr? Our supplier couldn't answer this from the beginnen of the poc. (~1Y) Maybe the collection of a community like you get this question faster answered? I would like to know how cortex would stop it in a smart way. BR Rob

Cyber1985 by L3 Networker
  • 4285 Views
  • 2 replies
  • 0 Likes

Resolved! Cortex XDR PoC Lab ft. CVE-2021-3560

  PoC Lab ft. CVE-2021-3560 By: @mfakhouri Table Of Contents Executive Summary What was CVE-2021-3560? What Does Privilege Escalation Entail? How is Polkit Supposed to Work? Cortex XDR at Play Overview of Lab Setup Script Adversary Motion and Vulnerability In Action Cortex XDR - Analytics Cortex XDR - The Correlation Rule Pivot Cortex ...

CortexLogo.PNG
twolinefix.PNG
linuxbasicpermissions.PNG
examplepolkitauth.PNG
mfakhouri by L3 Networker
  • 11604 Views
  • 4 replies
  • 7 Likes

Resolved! Cortex uninstall/removing issues - reminisces and files related to the Cortex XDR are left on the hard drive and cannot be removed from the endpoint.

Dear Live Community Members, My customer is facing issues when trying to remove Cortex XDR. In short, uninstalling the software is not removing all the config, and it gets all the old settings back, like the broker and other stuff. We even used the command CLEAN_AGGRESIVLY=1, but it still comes back with the wrong broker and settings from the...

XQL query to find endpoints where X application is installed but not Y application

Im needing to find endpoints that have a certain application (Application1) installed but then does not have (Application2) installed The query below returns results that have either Application1 or Application2 Im downloading the results and then using excel to find non duplicates, any way for xql to give me the results i need? config case_se...

AV Operations through XDR

Hello, 1. Please recommend the scanning period and best practices to achieve AV operations through XDR. 2. On what basis does the malware scanning take place. Is it signature based, Hash based etc.

Cortex XDR Overall Security Score Dashboard and Incident Trend Analysis

Hello Team, Can you kindly assist in a template or guide on how to create a custom dashboard to show the overall company security index based on all incidents and open vulnerabilities created on the Cortex XDR Platform and trends in showing that there are significant improvements in alerts closed and vulnerabilities discovered by host insight ...

orufai by L0 Member
  • 2369 Views
  • 2 replies
  • 0 Likes

Unprotected & Partially Protected operational status in Linux servers

Hello , Noticed in operational status Endpoint whose agent version is not upgraded mentioning status as protected ,unprotected & unprotected , After seeing operational status data came across 6 unique issue in servers . They are as follows: 1. "Xdr Data Collection Not Running Or Not SentLinux kernel module detected repeated ungraceful shu...

Compliance Dashboard

Hello, We noticed that the new Compliance dashboard has been added in the XDR console, but we don't see any details. What is this dashboard related to and from where it is fetching the data.

  • 2601 Posts
  • 98 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks