This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4322 Views
  • 0 replies
  • 3 Likes

Resolved! Cortex XDR to take the cleanest snapshot of windows for rollback.

Hi LIVEcommunity, Is there a way for Cortex XDR to take the cleanest snapshot of windows so there is a point where we can rollback the endpoint after an attack? Windows has a feature called Volume Shadow Copy Service (VSS) but can Cortex XDR use this after a ransomware attack? What if the VSS is corrupted, how can Cortex XDR protect the VSS an...

Resolved! Intune MDM

We want to deploy Cortex XDR agents to our Intune managed mobile phone devices (both ios & android). Is there any guide available to do that?

XQL - "After hours" query

This is a fairly dataset agnostic query snippet to look for events "after hours". You'll need to define what that means and also convert the time zone to your local time. This might not work if you're using UTC in the console, I'm not sure there. It took me some doing to get this working correctly and it's a common thing someone might want to...

How to sizing pro per gb

Hi Expert , I would like to know about how to sizing pro per gb i know about if would like size ngfw refer with sls-sizing-estimator and lps per model but it seems like when i calculate is a huge size i'm not sure how to actually size and another log source please adivse me . Thank you

Slow get_alerts API response / Validity check

Hi all, I’m integrating Cortex XDR APIs and want to validate the get_alerts endpoint for connectivity and credentials. I’ve already tested the get_incidents endpoint, and it works fine with our API keys. When I call get_alerts, it always takes ~50 seconds to respond, even with minimal filters (e.g., creation_time >= current_time) and small ...

moradiya by L0 Member
  • 657 Views
  • 1 replies
  • 0 Likes

SHOW ALL ALERT

Greetings everyone. I'm having a problem with Cortex XDR. Low-level security events aren't appearing on the dashboard; only medium, high, and critical ones do. I'd like all alerts to appear on the dashboard. I only see low-level alerts when I go to the /alerts directory and receive them via email. Cortex XDR

I want to block certain certutil commands from being executed through the BIOC Rule

Unable to get it why the below BIOC rule can't be added into the restrictions policy. I was trying to write a BIOC rule for monitoring dropped files via certutil. : dataset = xdr_data | filter event_type = 2 and event_sub_type = ENUM.NETWORK_STREAM_CONNECT | filter actor_process_image_name = "certutil.exe" | filter ( os_actor_process_command_...

P.Madye by L0 Member
  • 737 Views
  • 1 replies
  • 0 Likes

Cortex XDR blocking wps

Why is cortex xdr blocking wpscloudsvr.exe and wps.exe? In the artifacts there is also this: "kaccountsdk.dll". To me they all seem genuine, or am I missing something?Also the initial cmd is confusing:""C:\Users\a\AppData\Local\Kingsoft\WPS Office\12.2.0.22530\office6\wpscloudsvr.exe" /wpscloudlaunch /run_plugin /plugin_name=ktaskschdtool /plugi...

Experience with Enabling IP Restriction for Cortex XDR Console Access Message:

Hi, I’m planning to enable the IP restriction (Approved IP Ranges / Allowed Sessions) feature for Cortex XDR console access. I already know where the option is located, but I’d like to hear from others who have enabled it. What was your experience when setting it up? Did you face any challenges (for example, avoiding admin lockout)? What b...

OrkhanM by L1 Bithead
  • 732 Views
  • 1 replies
  • 0 Likes

After the Cortex XDR agent is installed, there is a volume shadow copy issue on the endpoint.

The VSS service on the endpoint is configured with a startup type set to Automatic. VSS operates normally until the Cortex XDR agent is installed. However, after the agent is installed for the first time, VSS fails to stay active despite its automatic startup setting. When manually started, the service repeatedly disables and re-enables itself. ...

How to Block Mobile Phones (iPhone/Android) via USB Using Device Control

Hi everyone, I'm currently working on a Device Control policy in Cortex XDR and I need to block mobile phones (iPhones, Android devices, etc.) when they are connected via USB — similar to how USB drives and external disks can be blocked. I understand that Cortex XDR uses ClassGuid to identify device types (https://docs-cortex.paloaltonetworks....

  • 2589 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks