Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Uninstall vs Using Agent Cleaner

When an IT admin uninstalls Cortex XDR from an endpoint does it remove that endpoint from the XDR Console?

When they use the Agent Cleaner to remove XDR from an endpoint does it remove that endpoint from the XDR Console?

We are running into duplicate e

...

Analytics engine time to establish baseline

Hi all,

I have a question about the analytics engine - how long does it take for it to establish a baseline?

I had it enabled yesterday and it started to give out alerts during the night, in the span of several hours.

seems like a rather short time to

...

Resolved! Non-persistent VDI shows up as Golden Image instead of VDI

Hi

We have a non persistent VDI environment. We installed the Cortex Agent (7.4.2.35695) on the Golden Image according to the guide: https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-2/cortex-xdr-agent-admin/cortex-xdr-agent-for-windows/cortex-age

...

CORTEX XDR Installation Error 1067

I am not able to install COrtex XDR in a WIN10 computer;

When we try to start the service below we received error message 1067

Cortex XDR multiple local malware analysis alerts on seemingly legit programs

Hi all,

I have a user whose agent generated a significant number of local malware alerts.

However, all of those alerts are generated on legit things like ms teams, vs code, iwconfig etc.

Morever, It's only on this user - those alerts dont pop up on the

...

XDR blocking thunderbolt mac docks

Hi all, question - can the XDR block a thunderbolt dock for macs? furthermore - all device control violations logged in the xdr main console, right?

Malicious files not found after Scanning

Hi,

After scanning, Cortex XDR agent detected some malicious files. But while taking live terminal and remote of that system, I cannot find those files in that particular path. Can anyone please tell, what might be the reason?

Regards

Cortex XDR - How We Distinguish Ourselves From a SIEM Solution

When running a SIEM, you need to have a huge team of many Analysts Level 1, Level 2, Level 3… Escalations to lateral teams (sometimes to take actions such as isolating endpoints/servers, gathering/deleting suspicious files, etc). It is laborious a

...

Resolved! Notification CORTEX compatibility

Hi, We received a PA notification about Microsoft Windows 10 version 21H2 running on specific hardware architectures are incompatible with a security engine in Cortex XDR agent 7.0.0 – 7.4.0. In our case we have the following scenario:

- Cortex agent

...

XDR Linux agent - what is the dypd process?

What is the purpose of the dypd process?

sudo /opt/traps/bin/cytool runtime query
Name PID User Status Command
pmd 32757 root Running /opt/traps/bin/pmd
analyzerd 534 474 Running /opt/traps/analyzerd/analyzerd 71 73 75
dypd 517 root Running /opt/traps/b

...

XDR command line scan

Hi All, I've been looking at the functionality of the cytool command line and cannot find a way to scan a particular file, which is available if you right click the file in Windows. Can anyone tell me if the ability to scan an individual file, or fol

...

Cortex XDR Alert Filter Query String Format

I'm looking to create a link which takes me directly to the list of low, medium, or high alerts, purely based on what is in the query string in the URL. For example, adding

/incidents?severity=SEV_040_HIGH&mode=all

to the end of my base XDR url works

...

Resolved! Windows 11 & Cortex XDR Compatibility

Hello,

are there any Information about the future compatibility of Cortex and Windows 11.

Will it work one day and if so, is there a specific date that i can look forward to?

Thank you in Advance.

Resolved! Cortex XDR device control exceptions

Hi all,

Iv'e a question about device control exceptions:

How do I exclude specific phones? Do I enter the manufacturer and then the phones serial number?

Cortex XDR linux agent questions

Hi all, I've a few questions about the linux agent:

- Are there any special permissions that i need to give the agent?

-What to do if i have an agent that doesn't want to checkin with the server? the pc is on, the service is up, and i did a manual chec

...

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Resolved! Uninstall vs Using Agent Cleaner

Analytics engine time to establish baseline

Resolved! Non-persistent VDI shows up as Golden Image instead of VDI

CORTEX XDR Installation Error 1067

Cortex XDR multiple local malware analysis alerts on seemingly legit programs

XDR blocking thunderbolt mac docks

Malicious files not found after Scanning

Cortex XDR - How We Distinguish Ourselves From a SIEM Solution

Resolved! Notification CORTEX compatibility

XDR Linux agent - what is the dypd process?

XDR command line scan

Cortex XDR Alert Filter Query String Format

Resolved! Windows 11 & Cortex XDR Compatibility

Resolved! Cortex XDR device control exceptions

Cortex XDR linux agent questions

Endpoint Blocked IP Addresses - visibility

Broker VM ssl connection

In Cortex XDR, if the Cloud Identity Engine Azure Sync fails and then reconnects automatically without any action,

Easier way to run cytool

Cortex false positives for OneDriveLauncher.exe?

Re: Cortex XDR login issue

Re: IoC Source Reliability Basis

Re: Policy scoping by partial endpoint_name --> Endpoint Group

Re: Cortex XDR Device Control Violation Query

Re: Cortex false positives for OneDriveLauncher.exe?

Unlock your full community experience!

Rules and Best Practices

Resolved! Uninstall vs Using Agent Cleaner

Resolved! Non-persistent VDI shows up as Golden Image instead of VDI

Resolved! Notification CORTEX compatibility

Resolved! Windows 11 & Cortex XDR Compatibility

Resolved! Cortex XDR device control exceptions