Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4337 Views
  • 0 replies
  • 3 Likes

Cortex XDR multiple local malware analysis alerts on seemingly legit programs

Hi all, I have a user whose agent generated a significant number of local malware alerts. However, all of those alerts are generated on legit things like MS Teams, VS Code, iwconfig etc. Moreover, it's only on this user - those alerts don't pop up on the other few Linux users we have. My questions are this: - Is there any way to teach the XDR those are f...

Cortex XDR - How We Distinguish Ourselves From a SIEM Solution

When running a SIEM, you need to have a huge team of many Analysts Level 1, Level 2, Level 3… Escalations to lateral teams (sometimes to take actions such as isolating endpoints/servers, gathering/deleting suspicious files, etc). It is laborious and time consuming to perform simple actions, like creating an alert. Read Cortex XDR - How We Dis...

nhussaini by L4 Transporter
  • 8363 Views
  • 3 replies
  • 1 Likes

Resolved! Notification CORTEX compatibility

Hi, we received a PA notification that Microsoft Windows 10 version 21H2 running on specific hardware architectures is incompatible with a security engine in Cortex XDR agent 7.0.0 – 7.4.0. In our case we have the following scenario: - Cortex agent version: 7.4.3 and 7.5.0 - Cortex XDR PRO license (Endpoint protection + behavior analytics) - Micr...

BigPalo by L4 Transporter
  • 3438 Views
  • 1 replies
  • 0 Likes

XDR Linux agent - what is the dypd process?

What is the purpose of the dypd process?

sudo /opt/traps/bin/cytool runtime query

Name       PID    User  Status   Command
pmd        32757  root  Running  /opt/traps/bin/pmd
analyzerd  534    474   Running  /opt/traps/analyzerd/analyzerd 71 73 75
dypd       517    root  Running  /opt/traps/bin/dypd -s -- 66
lted       32112  474   Running  /opt/traps/ltee/lted -type 2 -config ltee_decryptor.json

KarenW by L0 Member
  • 4729 Views
  • 1 replies
  • 0 Likes
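A small health check over the process table pasted in the post above, as an added example that is not part of the original post or of Palo Alto Networks' tooling. It parses the `cytool runtime query` layout shown there (Name, PID, User, Status, Command) and reports agent processes that are missing, not in the Running state, or launched from outside `/opt/traps/`. The sample text is constructed from the rows in the post, and the list of expected process names is an assumption drawn from that same output, not an official list.

```python
"""Parse `cytool runtime query` output and flag unhealthy Cortex XDR agent processes.

Added example. The column layout is taken from the output quoted in the forum
post; the expected-process set and the sample text below are assumptions built
from that post, not vendor documentation.
"""
from __future__ import annotations

from dataclasses import dataclass

# Constructed sample: the rows quoted in the post, re-aligned into columns.
SAMPLE_OUTPUT = """\
Name       PID    User  Status   Command
pmd        32757  root  Running  /opt/traps/bin/pmd
analyzerd  534    474   Running  /opt/traps/analyzerd/analyzerd 71 73 75
dypd       517    root  Running  /opt/traps/bin/dypd -s -- 66
lted       32112  474   Running  /opt/traps/ltee/lted -type 2 -config ltee_decryptor.json
"""

# Constructed degraded sample: analyzerd stopped, lted absent.
DEGRADED_OUTPUT = """\
Name       PID    User  Status   Command
pmd        32757  root  Running  /opt/traps/bin/pmd
analyzerd  534    474   Stopped  /opt/traps/analyzerd/analyzerd 71 73 75
dypd       517    root  Running  /opt/traps/bin/dypd -s -- 66
"""

# Assumed set of processes the agent should always show (taken from the post).
EXPECTED = {"pmd", "analyzerd", "dypd", "lted"}
AGENT_ROOT = "/opt/traps/"


@dataclass
class AgentProcess:
    name: str
    pid: int
    user: str
    status: str
    command: str


def parse_runtime_query(text: str) -> list[AgentProcess]:
    """Turn the tabular output into AgentProcess records.

    The Command column can contain spaces, so each row is split into at most
    five fields; the remainder of the line is the command.
    """
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if not lines or lines[0].split()[:4] != ["Name", "PID", "User", "Status"]:
        raise ValueError("unexpected header in cytool output")
    procs: list[AgentProcess] = []
    for line in lines[1:]:
        parts = line.split(None, 4)
        if len(parts) < 5:
            raise ValueError(f"malformed row: {line!r}")
        name, pid, user, status, command = parts
        procs.append(AgentProcess(name, int(pid), user, status, command))
    return procs


def health_report(procs: list[AgentProcess]) -> dict:
    """Summarise missing, non-running and foreign-path agent processes."""
    seen = {p.name for p in procs}
    missing = sorted(EXPECTED - seen)
    not_running = sorted(p.name for p in procs if p.status != "Running")
    # A known agent name executing from outside the install root is worth a look.
    foreign_path = sorted(
        p.name for p in procs if not p.command.split()[0].startswith(AGENT_ROOT)
    )
    return {
        "missing": missing,
        "not_running": not_running,
        "foreign_path": foreign_path,
        "healthy": not (missing or not_running or foreign_path),
    }


if __name__ == "__main__":
    for label, text in (("sample", SAMPLE_OUTPUT), ("degraded", DEGRADED_OUTPUT)):
        print(label, health_report(parse_runtime_query(text)))
```

On a real host you would feed the script the live output of `sudo /opt/traps/bin/cytool runtime query` instead of the constructed strings; the parser only depends on the header and column order shown in the post, so adjust the `EXPECTED` set to whatever your agent version actually lists.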

XDR command line scan

Hi all, I've been looking at the functionality of the cytool command line and cannot find a way to scan a particular file, which is available if you right-click the file in Windows. Can anyone tell me if the ability to scan an individual file or folder is available from the command line in the XDR client? Thanks, Paul

Cortex XDR Alert Filter Query String Format

I'm looking to create a link which takes me directly to the list of low, medium, or high alerts, purely based on what is in the query string in the URL. For example, adding /incidents?severity=SEV_040_HIGH&mode=all to the end of my base XDR URL works and takes me to the page with all high severity incidents. Similarly, replacing this with /aler...

Cortex XDR linux agent questions

Hi all, I've a few questions about the Linux agent: - Are there any special permissions that I need to give the agent? - What to do if I have an agent that doesn't want to check in with the server? The PC is on, the service is up, and I did a manual check-in from the terminal. Thanks for the help

Cortex Data lake License

Our client has recently purchased the Cortex Data Lake license and we are trying to set this up for them. The firewalls are on version 10.0.7 and have valid certificates, but under "Device -> Licenses" we do not see a license for Cortex Data Lake despite trying to retrieve from the license server etc. My question is, is it supposed to appear u...


Possible FP alerts on linux

Hi, I seemingly have a problem with the XDR agents installed on Ubuntu workstations - I get "local malware analysis" alerts on seemingly benign programs and executables such as Chrome, VS Code, systemd and such. WF shows either benign or unknown. Problem is, I can't replicate those alerts on my Ubuntu test station. Did someone else encounter this pr...

Resolved! Broker VM

Hi everyone, the Ingest Logs from Elasticsearch Filebeat documentation mentions "use the broker VM to proxy Filebeat communication". May I know how to configure the broker VM as a proxy for Filebeat communication?

weejh by L2 Linker
  • 6005 Views
  • 5 replies
  • 0 Likes