Cortex XDR Discussions

How to allow software for specific user

We are going to block the software by hash or process if in the future user requests an exception for a specific endpoint and how to create an exception for one particular endpoint and allow the software

SIEM Wazuh & Cortex XDR agent / Are there known issues running both agents?

Hello dear community!

Has anyone of you some expirience with Cortex XDR agent and Wazuh Agent?

We are discussing to setup wazuh as a SIEM, instead of splunk, Cortex DL, etc.

BR

Rob

Resolved! Clients/Server do not have assigned endpoint group ALERT / CORRELATION / XQL

Hello dear community,

I want to share with you my little XQL script which can identify and alert connected Clients which have no assigned endpoint group.

This can happen:

- Cortex is installed, but the endpoint name does not match the defined c

...

After not using a broker, the endpoints are unable to connect to the server.

Dear community,

I tried to make some agents connect directly to the server without using a broker.

However, it's not able not connect to server.

I referred to the practices of others, and tried executing "cytool reconnect force", but still couldn't

...

Resolved! How to automatically input the password when using the "cytool reconnect" command?

Hi everyone,

I want to run Cytool reconnect on multiple computers,

I tried the following

echo <password>| cytool reconnect force

it works, but still displays "Enter supervisor password:", so you still need to press enter to let it continue r

...

Resolved! XDR Agent auto update behaviour - Terminalserver / temporary session

Hello dear community,

we are running several terminal server (MS Windows) and we would like to now, why these ones (installed with TS_ENABLED=1) do not get upgraded automaticliy, when there is a new agent version available.

BR

Rob

DNS resolution was wrong for Firewall alerts

Dear LIVEcommunity,

Did anyone encounter problem such as hostname does not match with the IP address for alert ingested from NGFW?

This is especially true when come to host that doesn't have Cortex XDR agent installed. Now, if the host cannot insta

...

how to vie cloud identy engine logs on cortex

We successfully implemented the cloud identity engine on-prem and in the cloud, and we enabled the engine on the cortex as well, but we don't know how to view the logs. Could you please tell us where to look for the login logs on the cortex?

Number of incidents per month on cortex XDR

Hello,

Does anyone know how to generate a report of the number of incidents per month on cortex ?

I can only generate for the current month and not for the past months.

Thanks in advance.

Cortex XDR - All Actions export

Greeting to all!

I have faced an interesting use case with Cortex XDR and I haven't seen solution to it ever before.

Short description of the situation - We have a successful vulnerability exploitation event. We know for sure, that it was exploited an

...

Resolved! Inquiry: URL IOC Capability in Cortex XDR

Dear Palo Alto Community,

I hope this message finds you well. As an active member of the community, I would like to reach out and seek your expertise regarding the capabilities of Cortex XDR, specifically in relation to the integration of URL Indic

...

How to use interactive script mode Run Kansa investigation powershell

Hi

does anyone know

How to add investigation powershell to the Agent script Library of XDR Action Center. That I can choose it to do incident investigation when using XDR interactive script mode

Tracking Cortex XDR Corrupted Agents

Dear Community,

When I first started the Cortex XDR Project and started installing the agents, I made a mistake and deleted the outdated installation packages from the portal.

After that I started getting a lot of disconnected agents as if they try

...

Why there are no related alerts on scanned malicious files.

Hi, we have recently malware scanned an endpoint and upon checking the results, it appears that there were 3 malicious files on the host.

Now, I tried to right click and view related alerts on the 3 malicious files and it just shows nothing. What's

...

Discussions

How to allow software for specific user

SIEM Wazuh & Cortex XDR agent / Are there known issues running both agents?

Resolved! Clients/Server do not have assigned endpoint group ALERT / CORRELATION / XQL

After not using a broker, the endpoints are unable to connect to the server.

Resolved! How to automatically input the password when using the "cytool reconnect" command?

Resolved! XDR Agent auto update behaviour - Terminalserver / temporary session

DNS resolution was wrong for Firewall alerts

how to vie cloud identy engine logs on cortex

Number of incidents per month on cortex XDR

Cortex XDR - All Actions export

Resolved! Inquiry: URL IOC Capability in Cortex XDR

How to use interactive script mode Run Kansa investigation powershell

Tracking Cortex XDR Corrupted Agents

Why there are no related alerts on scanned malicious files.

Resolved! Cannot edit custom role

Event Logs That Are being Gathered With Cortex XDR - Windows

Post detected by Wildfire

Help finding green alert log screen in Cortex XDR

Events That Cortex XDR is Logging

ShroudedSnooper targets security components of Palo Alto Networks Cortex XDR

Re: Event Logs That Are being Gathered With Cortex XDR - Windows

Cortex XDR compatibility with MacOS Sonoma (14.0)

Re: Cannot delete endpoint group

Re: Agent v.7.9 Removed???

Re: XQL filter o365 attachments