Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4434 Views
  • 0 replies
  • 3 Likes

Resolved! Exclusion criteria import

Hi all. Does anyone know of a way, or a workaround, for the following situation? I have a long list (about 700) of IPs that I want to create an alert exclusion for. These are external scanners that our firewall blocks, and we get a large amount of alerts because of this. I would like to create an alert exclusion so we no longer have to deal wi...

Pop-up Blocked Alert Not Displaying Blocked File

Hello, A client received a pop-up blocked alert because a suspicious executable was found on their machine. When the client went to view more details, the executable that was blocked was never displayed in the details information. Why is that? By the way this was a post detection blocked Cortex XDR alert. I have attached a screenshot of the al...

Cortex XDR agents upgrade

Hello everybody, Is Cortex XDR agents auto upgrade recommended? We enabled agent auto upgrade at the moment. But we worry this can cause some problems in future. Can anybody give suggestions about this situation? Thanks.

[Network location] - too long to check location

Hi community, Is somebody using Cortex XDR Network Location (from the agent settings profile)? My problem is that the network location check takes too long, specifically when users come back to our office from their own internet connection; the internal profile takes about 2 minutes to change from external to internal. External = restricted firew...

Cortex XDR not detecting malicious files

Hi, why is Cortex XDR not detecting malicious files which are present in the system? For testing purposes I have downloaded a test malware also, but it is not reflected after the malware scan. Can anyone please give clarity on this? Does Cortex detect malicious files only when they are executed? Does Cortex XDR not detect files which are not executed...

Block logs to Data Lake from specific endpoint

Hello, I have a case where logs are delivered to the Data Lake from an endpoint where we're unable to uninstall the Cortex XDR agent. We also can't connect to this endpoint to take manual actions to stop receiving logs from it. Is there any way to block/prevent this endpoint from uploading logs to the Data Lake? From my knowledge, we could implement Exclusion...

tntrust by L1 Bithead
  • 3258 Views
  • 4 replies
  • 0 Likes

Endpoint Operational Status

Currently, our devices are in an unprotected state and partially protected state due to disk consumption. Is the data in Cortex XDR incremental, or does it delete itself after some time? What is the possible solution for this issue? How do we differentiate whether the disk consumption error is because the disk is full on the user's system or because...

Protection against Hak5 tools incl. USB Rubber Ducky

Hello dear community, Does any of you have experience with the USB Rubber Ducky and Cortex XDR? Our supplier couldn't answer this from the beginning of the PoC (~1Y). Maybe a community like you can get this question answered faster? I would like to know how Cortex would stop it in a smart way. BR Rob

Cyber1985 by L3 Networker
  • 4475 Views
  • 2 replies
  • 0 Likes

Resolved! Cortex XDR PoC Lab ft. CVE-2021-3560

PoC Lab ft. CVE-2021-3560 By: @mfakhouri Table Of Contents: Executive Summary; What was CVE-2021-3560?; What Does Privilege Escalation Entail?; How is Polkit Supposed to Work?; Cortex XDR at Play; Overview of Lab Setup Script; Adversary Motion and Vulnerability In Action; Cortex XDR - Analytics; Cortex XDR - The Correlation Rule Pivot; Cortex ...
mfakhouri by L3 Networker
  • 12095 Views
  • 4 replies
  • 7 Likes