This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 1404 Views
  • 0 replies
  • 3 Likes

XDR install not connecting

After getting a Tech Coordinator to remove the old Traps version, she rebooted, and downloaded and installed XDR version 7.5 that I had sent to her. However it shows it is disabled and will not connect to the server. Any advice?

 

pdysart_0-1640196661324.png
pdysart by L1 Bithead
  • 2780 Views
  • 2 replies
  • 0 Likes

Resolved! Cortex Xdr Cytool Linux Force Reconnect

hi ,

I'm trying to create a Python script that I can run from management
to change the Installation Package value,
something like this;

import os

os.system('/opt/traps/bin/cytool reconnect force ecXXXXXXXXXXXX5efdbe920')

I was already able to create one li

...

Resolved! Is it possible to search for Macros in Cortex?

Can Cortex see if macros have been launched on an endpoint, specifically Office Macros? 

I tried the "All Actions" query and searched for .doc and .xls files but no luck. 

 

Has anyone tried to search for macros using Cortex query or xql? 

 

Just to clari

...

Cortex agent got uninstall automatically

Hi All,

 

Last night Cortex agent got uninstalled automatically on my system and then I had to install it back manually. There are no logs in agent audit logs for this in cortex console.

 

We need to find out why this was uninstalled automatically. Will

...

AsifSid by L2 Linker
  • 2807 Views
  • 2 replies
  • 0 Likes

Problems installing Cortex XDR to a user

Hello Palo Alto Team.

 

When installing Cortex XDR on a user, we must disable Windows Anti-Tampering, due to the following error:

 

 

If Windows Anti-Tampering is disabled, we still have installation problems.

 

 

Operating system name: Microsoft Windows 10

...

irissentinel_0-1637154458742.png
irissentinel_2-1637154670760.png

Cortex XDR high RAM usage

Hello everybody,

 

  We have a problem with RAM usage of our Cortex XDR agents. We have seen this issue about 7-8 endpoints for 2 moth. Ram usage of our endpoints increased up to 2 GB. it seems this is not agent version related problem. Because today w

...

Resolved! Cortex XDR Broker VM questions

Hi All,

 

Can anyone answer a few questions about Cortex XDR Broker VM?

 

If the Broker VM is being used as a proxy, do the hosts connecting to the Broker VM need to be on the same subnet as the Broker VM or can they communicate with the Broker VM via th

...

Ben-Price by L4 Transporter
  • 3715 Views
  • 1 replies
  • 0 Likes

BrokerVM proxy configuration error

hello, 

 

i'm facing this issue when i try to configure the ip addresse of the proxy so i can send logs throught brokerVM: 

C:\Program Files\Palo Alto Networks\Traps>cytool proxy set "X.X.X.X:YY"

Enter supervisor password:

RpcClient: SendRequest: Error 13

...

NCherbib by L2 Linker
  • 4849 Views
  • 3 replies
  • 0 Likes

problem with cytool

hello,

 

i'm facing an issue will adding proxy setting using a command  cytool i recieve this error "cytool is not recognized as an internal or external command, operable program or batch file."

 

any help please.

 

BR.

NCherbib by L2 Linker
  • 5513 Views
  • 4 replies
  • 0 Likes

Tracking Corrupt Cortex XDR Agents

I am looking for any input on how other customers are handling situations where:

 

1. The agent is installed on a host and says it is checking in, but it does not appear in the Cortex XDR Console

2. The agent is corrupt and has stopped reporting back (d

...

  • 2423 Posts
  • 88 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks