Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Resolved! Alert from which source/rule?

Hello!

 

We have some alerts which show us a large upload. 

 

 

My problem is now, I saw other clients uploading a ton of bytes, but this Alert wasn't fired. 

I also cannot find any Rule for this. 

Where is it comming from? 

 

BR

 

Rob

 

 

RFeyertag_0-1659634616953.png

Resolved! XQL query with multiple values

Hello Community,

 

I'm been using the platform for a couple months and recently I'm getting interested in XQL query.

My question is how to I simplify the search string if i have multiple values that I need to insert?
With the example below, i'm lookin

...

myu06kkn by L1 Bithead
  • 604 Views
  • 2 replies
  • 0 Likes

XDR_DATA logs ingestion to splunk

I am thinking of a way to bring in xdr_data dataset logs which we see in xdr query builder to splunk.

As of now i am ingesting the alert and incident data from cortex xdr into splunk.

Can anyone suggest, how i can achieve this?

 

Cortex XDR Query Builder

Hello Community,

Was wondering whether someone could assit me with an issue.

So at the moment i cannot make any search via the "Query Builder".

When i move to query center and create a custom query i can only return results when i search "dataset = pan_

...

willh1_0-1659109209207.png
willh1 by L0 Member
  • 549 Views
  • 1 replies
  • 0 Likes

Resolved! Event_Sub_Type Failed to run

When running this XQL query if I add event_sub_type to the filter it fails to run

I can run the query without any filters, and then add the event_sub_type column without issues

 

dataset = xdr_data
| filter event_type = ENUM.FILE and (event_sub_type =

...

NathanBradley_0-1659458727567.png

Upgrade agents locally

Hello,

 

Is there any option available to upgrade agent from local agent console? (Eg: If local IT team can upgrade agent from endpoint directly)

 

Thanks

 

NivedaR by L2 Linker
  • 749 Views
  • 5 replies
  • 0 Likes

Resolved! Can't register Broker VM

I downloaded and setup the Broker VM Virtual machine in Hyper V on a server 2016 computer, I log into the IP address, go through the setup steps, test my connection to the time server, then click register and paste the token from the page I got the V

...

brokerVMerror.jpg

Resolved! XQL "call" functions from scripts library

Hi Peeps,

 

So XQL has this call function to fetch results from a saved query in the query library. Lets take this for example:

 

call "All appdata executions for the past 30 days"

 

Now, the problem is that my saved query is waiting for a parameter

...

Endpoints not being reflected on the XDR console

Hello ,

 

We are facing an issue where an endpoint will be reflected on XDR console but after some time the same endpoint will not be seen on the console . Somehow it will come again after a while or a day or two. Does anyone know why this might be h

...

NivedaR by L2 Linker
  • 509 Views
  • 3 replies
  • 0 Likes

Resolved! Xdr ramsonware test is not detected

Hi. We recently we have acquired a solution to test our systems.
In one of the tests, we have detected that Cortex does not detect attacks, such as using util control with .net injection.
The test machine has created a malware profile with everything l

...

Resolved! Exporting alert related data

Hi All,

 

Is there a way to export all the alert data which appears below Causality chain like network connections, registry changes, etc ?

 

I don't see any download or export icon on the right-hand side of the pane. 

 

Do we have any other way to e

...

MithunKT by L2 Linker
  • 895 Views
  • 4 replies
  • 0 Likes

Resolved! Tamper protection question

Hello dear live Community! 

 

I found a very interesting link on Twitter and would like to know if there is any detection and/or prevention for this technique?

 

https://synzack.github.io/Blinding-EDR-On-Windows/

 

BR 

 

Rob