This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4363 Views
  • 0 replies
  • 3 Likes

BrokerVM

Hello, i'm facing an issue after deleting brokerVm from the console management, i'm not able to add it again, any help for this issue?? BR.

NCherbib by L2 Linker
  • 2748 Views
  • 2 replies
  • 0 Likes

Test Custom BIOC Rules

Hi Expert, Please help me to create custom BIOC rules for the testing.My company want to create rules bioc informational if We create/delete spesific file in spesific folder, and the information will appears in incidents.Is it possible? If is it possible, please inform to me How to create that? Thanks Expert, please give me advice

Connecting an VM Broker to an offline endpoint

Hello everyone, Do excuse me for my rather lack of experience. I was wondering if there was any way for me to connect a VM broker that acts as a proxy for it to allow an offline endpoint to be connected to the internet? I appreciate any advice given for this. Many thanks in advance.

Resolved! Uninstall vs Using Agent Cleaner

When an IT admin uninstalls Cortex XDR from an endpoint does it remove that endpoint from the XDR Console?When they use the Agent Cleaner to remove XDR from an endpoint does it remove that endpoint from the XDR Console?We are running into duplicate endpoints when Admins install new versions manually: Just trying to better understand what is caus...

pdysart by L1 Bithead
  • 5496 Views
  • 1 replies
  • 0 Likes

Analytics engine time to establish baseline

Hi all, I have a question about the analytics engine - how long does it take for it to establish a baseline?I had it enabled yesterday and it started to give out alerts during the night, in the span of several hours. seems like a rather short time to establish baselines, even based on data from only the agents installed on the endpoints.

Resolved! Non-persistent VDI shows up as Golden Image instead of VDI

HiWe have a non persistent VDI environment. We installed the Cortex Agent (7.4.2.35695) on the Golden Image according to the guide: https://docs.paloaltonetworks.com/cortex/cortex-xdr/7-2/cortex-xdr-agent-admin/cortex-xdr-agent-for-windows/cortex-agent-for-virtual-environments-and-desktops.htmlIf we then create new VDIs based on this image with ...

Cortex XDR multiple local malware analysis alerts on seemingly legit programs

Hi all,I have a user whose agent generated a significant number of local malware alerts.However, all of those alerts are generated on legit things like ms teams, vs code, iwconfig etc.Morever, It's only on this user - those alerts dont pop up on the other few linux users we have.My questions are this:-Is there anyway to teach the xdr those are f...

Cortex XDR - How We Distinguish Ourselves From a SIEM Solution

When running a SIEM, you need to have a huge team of many Analysts Level 1, Level 2, Level 3… Escalations to lateral teams (sometimes to take actions such as isolating endpoints/servers, gathering/deleting suspicious files, etc). It is laborious and time consuming to perform simple actions, like creating an alert. Read Cortex XDR - How We Dis...

nhussaini_0-1634871886225.jpeg
nhussaini by L4 Transporter
  • 8469 Views
  • 3 replies
  • 1 Likes

Resolved! Notification CORTEX compatibility

Hi, We received a PA notification about Microsoft Windows 10 version 21H2 running on specific hardware architectures are incompatible with a security engine in Cortex XDR agent 7.0.0 – 7.4.0. In our case we have the following scenario:- Cortex agent version: 7.4.3 and 7.5.0- Cortex XDR PRO license (Endpoint protection + behavior analytics)- Micr...

BigPalo by L4 Transporter
  • 3470 Views
  • 1 replies
  • 0 Likes
  • 2602 Posts
  • 98 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks