Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Windows 11 & Cortex XDR Compatibility

Hello,

are there any Information about the future compatibility of Cortex and Windows 11.

Will it work one day and if so, is there a specific date that i can look forward to?

Thank you in Advance.

Resolved! Cortex XDR device control exceptions

Hi all,

Iv'e a question about device control exceptions:

How do I exclude specific phones? Do I enter the manufacturer and then the phones serial number?

Cortex XDR linux agent questions

Hi all, I've a few questions about the linux agent:

- Are there any special permissions that i need to give the agent?

-What to do if i have an agent that doesn't want to checkin with the server? the pc is on, the service is up, and i did a manual chec

...

Cortex Data lake License

Our client has recently purchased the Cortex Data Lake license and we are trying to set this up for them. The firewalls are on version 10.0.7 and have valid certificates but under "Device -> Licenses", we do not see a license for Cortex Data Lake de

...

Possible FP alerts on linux

Hi,

I seemingly have a problem with the xdr agents installed on ubuntu workstations -I get "local malware analysis" alerts on seemingly benign programs and executables such as chrome, VS code, systemd and such.

WF shows either benign or unknown.

Proble

...

Resolved! Broker VM

Hi everyone

From the Ingest Logs from Elasticsearch Filebeat documentation, it mentioned "use the broker VM to proxy Filebeat communication". May I know how to configure the broker VM as proxy for Filebeat communication?

Join Our AMA on Cortex Training and Credentialing Opportunities!

LIVEcommunity’s latest Ask Me Anything (AMA) session is all about Education Services Training and Credentialing opportunities for all things Cortex! From digital learnings and instructor-led trainings to the first-ever Cortex XDR certification, this

...

XDR OSX Monterey (12.x) support status

Hello

I see that OSX 12.X Monterey is currently not supported by any XDR agents. Is there an indication when this may be likely in the road map?

I have several users eager to update

Can Cortex XDR be installed to be standalone?

We're in a situation where HQ has moved to Cortex XDR, at the satellite facilities, there are PC/Laptops that never touches HQ network and are often standalone systems or is on a competely separate domain and those domain is to never communicate with

...

Endpoint disconnected - Admin console

I am having issues with an endpoint connecting to the Cortex XDR dashboard,

The Cortex XDR console from within the OS is showing as 'Enabled' however it is disconnected from the endpoint administrator console.

I have attempted restart the services usi

...

Windows version 21H2 - Cortex incompatibility

Hi,

We received a PA notification about Microsoft Windows 10 version 21H2 running on specific hardware architectures are incompatible with a security engine in Cortex XDR agent 7.0.0 – 7.4.0.

In our case we have the following scenario:
- Cortex agent

...

Disk Encryption Status Not Compliant and Disk Not Encryption

Hi Expert,

I wanna ask about disk encryption, I already follow guide from Palo for create policy disk encryption.

But after I checked my volume device still same, and status is Not Compliant

please give me advice for this

Resolved! Blocking file execution based on nameand\or BIOC\IOC

Hi all, I was wondering - can i block execution of files based on bioc\ioc and or file name?

As in, not just raise an alert(which i already have) but also actively block the file execution

Ignore all authentication requests alerts from a particular IP

We use a vulnerability scanner internally to test all endpoints for any known vulnerabilities or leaked credentials.

Cortex has been alerting to this, but since we know this is intentional traffic, is there a way to ignore certain authentication requ

...

Resolved! Testing malware blocking and alerting in the xdr

Hi all,

I'm trying to run checks on my mac, that has a cortex xdr agent, trying to see how the blocking & quarantine functions before setting the policy to all endpoint in my organization.

However, EICAR files, and the test file that palo alto provides

...

User

Count

User

Likes Count

2 Likes

1 Likes

Cortex XDR Discussions

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Resolved! Windows 11 & Cortex XDR Compatibility

Resolved! Cortex XDR device control exceptions

Cortex XDR linux agent questions

Cortex Data lake License

Possible FP alerts on linux

Resolved! Broker VM

Join Our AMA on Cortex Training and Credentialing Opportunities!

XDR OSX Monterey (12.x) support status

Can Cortex XDR be installed to be standalone?

Endpoint disconnected - Admin console

Windows version 21H2 - Cortex incompatibility

Disk Encryption Status Not Compliant and Disk Not Encryption

Resolved! Blocking file execution based on nameand\or BIOC\IOC

Ignore all authentication requests alerts from a particular IP

Resolved! Testing malware blocking and alerting in the xdr

Palo Alto Cortex Broker Virtual Machine (Broker VM) security understanding

Rare Login Query Not Working

Help with fine tuning a query using $arguments and enclosing them in "quotes"

Details regarding %PROGRAMDATA%\Cyvera\ folders

How to check powershell version at cortex XDR

[Cortex XDR] Are there any How-To video recordered about Windows Event Collector applet for the broker VM?

Cortex Broker Mapper scans

Re: Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Re: Cortex XDR Get Incident API function 'hosts':None

Re: Rare Login Query Not Working

Unlock your full community experience!

Cortex XDR Discussions

Rules and Best Practices

Resolved! Windows 11 & Cortex XDR Compatibility

Resolved! Cortex XDR device control exceptions

Resolved! Broker VM

Resolved! Blocking file execution based on nameand\or BIOC\IOC

Resolved! Testing malware blocking and alerting in the xdr