Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4322 Views
  • 0 replies
  • 3 Likes

Cortex XDR with Citrix App Layering and MCS

We're in the process of installing a new setup with Citrix App Layering (Full User layers) and MCS. I've followed the suggestions here on non-persistent installation (VDI_ENABLED=1); even though our setup technically is sort of persistent (because of the Full User layers), it's still Golden Image-based and therefore needs to be VDI enabled. And ...

BocoIP by L1 Bithead
  • 7978 Views
  • 4 replies
  • 0 Likes

Endpoint Connection Lost

Hi all, Some of our endpoints in our Cortex XDR Console show a "Connection Lost" status but the endpoint is still active. The cytray shows disabled and no connection. We also checked the control panel and upon checking, the installed Cortex XDR Agent is not available or missing. How is it possible that the cortex XDR agent is gone on the contro...

EJaspe by L1 Bithead
  • 2892 Views
  • 2 replies
  • 0 Likes

Resolved! XQL query Host Inventory numerical values Services

When running XQL queries against host inventory I have 2 questions. 1. Is there documentation that states what each field means in the array? The example below "start mode" and "state" are numerical. It appears start mode3 = "Service Manual Start" but I need a full list to show what number represents stopped, paused...etc. 2. Once I know start mode3 = se...

Resolved! How to query XDR for all incidents that relate to a device group

The Get Incidents API allows you to filter based on an incident_id_list, but not a list of endpoint_ids much less endpoint group. The Get Alerts API allows you to filter on an alert_id_list, but not a list of endpoint_ids much less endpoint group. I'm trying to figure out how to get a list of alert_ids or incident_ids filtered by endpoint group...

Resolved! Cortex XDR - Endpoint/Incident API Limit (100) - PowerBI Query

I am attempting to pull in endpoint/incident data using the appropriate API in PowerBI. However, there's a limit of 100. I tried adding a separate custom column anticipating that my total number of incidents would be, let's say, "x" value, but that just repeats the already pulled 100 rows. See a copy of the Query I am using below: let body = "{ ""r...

Cortex XDR disk encryption

Hello, I can't turn off disk encryption. I disabled the disk encryption policy for an endpoint, then the encryption status returned as not configured. But I can still see BitLocker on the endpoint is ON. How can I turn off BitLocker on the endpoint not manually but via Cortex XDR? Thanks!

Citrix PVS servers consuming multiple Cortex XDR licenses

Hi all, We're having an issue where Citrix PVS servers running Cortex XDR consume a new XDR license every time they reboot. I don't fully know how PVS works, but essentially from what I can gather is upon booting up, it pulls a copy of an image from the master and loads into that, and these servers are configured to reboot every night - thus rep...


How to get the list of alerts/incidents for a particular list of hosts?

Hi, I need to know how we can get alerts for particular hosts / a specific group (e.g. 1000 agents) in the Cortex XDR console -> Incident Response -> Incidents -> Alerts table. I have tried from the filter option but it doesn't work. We can't add all the agent names in the hostname for the 1000 servers as it is time-consuming. So, is there a...

CIDR Lookup or Join for IP Enrichment

I would like to use some custom datasets to enrich some of our XQL searches. It could be our subnets from our IPAM or, in this example, the ASN information. I have used lookups and joins in the past to accomplish this in other tools and would like to do the same with Cortex XQL. I did look at incidr and incidrlist but it seems to be the opposi...

Verdict of VT and WildFire

Hello Team, From the XDR console, we wanted to export alerts that include the verdict from WildFire and VirusTotal, which we are not getting. Can anyone help me with an XQL query or other way to get the verdict (e.g. Process: Excel.exe WF Verdict: Benign and VT score 0/65) included in exported alerts. Cortex XDR

macOS Big Sur - how to automate full install, eliminate manual approval of system extension files

We are still manually installing Cortex on our Macs on Big Sur; this involves some time and the hope that our human computer builder / imager doesn't forget to manually approve the PMD and Traps extensions. Is there a method where we can use a script install and automatically approve the installation of Cortex XDR version 7.3.0 build 2207? If it...
