Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Cortex XDR with Carbon Black

Hi All,

I know it is a stupid question but I am encountering this situation that we need to install Cortex XDR working with Carbon Black (it's a long story). May I know if anyone experienced this before or any suggestions on exclusion? Thank you so

...

Resolved! Cortex XDR report

Hello Live community,

I have a question about the report on Cortex, i want to know if the “Infected Endpoints” comes as default in Cortex reports or if we need to configure something to show that option?

Do the widgets "incidents by source" or "Top in

...

Resolved! How do we set an incident title ?

Hello all,

I feel this is a silly question but I don't know the answer and can't find it.

We have a lots of incident comming from Splunk integration with the following title: ":".

We can't find anywhere inside classifier or mapper how to set the titl

...

Using Windows environment variables in XDR Firewall

Hello,

Configuring host firewall via XDR and I cannot seem to get the Windows environment variables running.

Basically, there's an implicit deny for inbound/outbound connections, so there are applications that require some internal/localhost connectio

...

Who/How to send feedback on "Cortex XDR Scheduled Maintenance on January 17" email notification?

Hello Livecommunity
I believe there are Palo Alto representatives that do some level of monitoring and participation in this Forum, would they or someone know where you provide feedback to enhance notifications such as the one listed above, that descr

...

Log storage and resources usage

Hi everyone!

How much space do the cortex xdr agent records use? I understand that in the agent profile configurations you can set the quota for log storage, by decreasing the quota the logs are automatically purged ??, for the last one on my machine

...

Resolved! Cortex & Wildfire - The WF detailed analyze reports arrives with a delay.

Dear PA community members,

I've done the research but could not find any info bout the Wildfire limitations nor any issues which could explain why in some cases the WildFire Report arrives with delays.

As per WildFire Analysis Concepts: https://docs.

...

Resolved! Does Cortex XDR prevents SolarWinds Orion backdoor attack.

Does Traps Cortex XDR, has prevention for SolarWinds Orion Backdoor Supply Chain Attack (Sunburst/ Solorigate)?

Recent Change - creation of Threat ID #8002 Alerts in Cortex

Hello all,
Beginning on or around 14/15 December, I began to notice we were commonly generating the following Alerts in Cortex:

Alert name: Threat ID #8002

Description: Scan Detection

Alert Source: PAN NGFW

Category: Scan Detected via Zone Protection Pro

...

Resolved! Feature Request: Ability to add a 'Comment' when Bulk Uploading IOC Rules in XDR

When adding IOC's to XDR, adding a comment is a useful way to keep track of where the IOC originated from. When an alert is triggered from that IOC, the analyst can review the IOC rule and read the comment for context.

When 'bulk' uploading, using a

...