Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

Resolved! Testing malware blocking and alerting in the xdr

Hi all, I'm trying to run checks on my Mac, that has a Cortex XDR agent, trying to see how the blocking & quarantine functions before setting the policy to all endpoints in my organization. However, EICAR files, and the test file that Palo Alto provides here - https://docs.paloaltonetworks.com/wildfire/10-1/wildfire-admin/submit-files-for-wildf...

Live Terminal over Broker VM

Hello everybody. I want to know if we can initiate a live terminal session over Broker VM (our agents don't have internet access, so they use Broker VM). 1) In the documentation Palo Alto says that the network requirements for Broker VM are these: - br-<XDR tenant>.xdr.<region>.paloaltonetworks.com - distributions-prod-us.traps.paloal...

Memory Corruption Exploit Alerts - Incidents

Hello LiveCommunity, I wondered if any others are seeing a very high number of recently created (in the last few hours) "Memory Corruption Exploit" alerts in Cortex XDR? Beginning around 1015 Pacific this morning (11 Oct) through as recently as 1518 Pacific, 11 Oct, there have been numerous alerts fired across many different workstations. Seeing many dif...

XDR Cloud Identity Engine and proxy

Hello everybody, we want to integrate our Active Directory to Cortex XDR via Cloud Identity Engine. But there must be a proxy between Cloud Identity Engine and Cortex servers. We set up a lab environment for test purposes (simply forwarded web traffic via Apache Forward Proxy). After setup, CIE (Cloud Identity Engine) could not communicate with c...

XDR vs XSOAR

Hello people, I am trying to figure out the real difference between XDR and XSOAR. XDR is far more intelligent than SIEM. So this means SIEM is killed? XDR can also perform incident response, so what is the real value of SOAR?

Resolved! Cortex XDR client preventing Windows boot

Our organization has started using Azure AD and Intune for managing PCs, and the enrollment includes the deployment of the Cortex XDR client. So far, we've had no issues during our (slow but sure) transition. But last week I encountered a strange problem where we got the new Dell Precision 5560 for a new employee. Login with credentials - successfull...

XDR Client version 7.5.0 High Memory Usage

We recently upgraded our XDR Clients from 7.4.2 to 7.5.0. Since the upgrade, a lot of our Windows Servers seem to be using a lot more memory than what I recall other client versions using. For example, older versions were like 200-400MB of usage, but with 7.5.0 they are using like 650MB up to 1GB of memory on the Cortex XDR Service (cyserver.exe)...

mbahen by L2 Linker
  • 19489 Views
  • 13 replies
  • 0 Likes

Alert USB activity

Hi community, can I check whether anyone has created an alert for when a user copies more than a certain number of files to a USB drive? Thank you, cheers!

BoonHwee by L1 Bithead
  • 4021 Views
  • 1 replies
  • 0 Likes

Resolved! Cortex XDR Live Terminal problem

Hello. We have a problem with live terminal. When we initiate a live terminal session on endpoints (all endpoints have the same problem), a notification pops up (about live terminal) but we see an 'operation time out' error in the Cortex XDR web UI. Can anybody help with this situation? Note: We give all accesses to endpoints as mentioned in this link...

remove users Cortex XDR

Hi, I'm trying to remove a user from "Access Management" in Cortex XDR but I can't find a way to do so. What is the best way to perform this task? Thanks in advance, Ronnie.

Resolved! Cortex XDR supervisor password

Hi Team, some cytool commands were asking to enter the supervisor password to proceed. Is this the uninstall password that had to be set while creating the package, or the login account password?

Need to extract installed application.

Hi, I have queries regarding Cortex XDR. Does Cortex XDR provide application inventory counts? We want to extract each and every application which is installed in all our network systems, but with IP. For example, 10.10.10.10 is a system IP; I want to extract how many other applications are installed on this particular IP. From host insight, we g...

Problem uninstalling Cortex XDR Agent

I often have the problem that the host loses connection to Cortex console due to a failed agent update and I cannot uninstall the agent on it and reinstalling the agent results in a rollback. There is a file named "tdevflt.sys" left in the "C:\Program Files\Palo Alto Networks\Traps" folder that prevents me from reinstalling the agent. The only t...

Scott103 by L0 Member
  • 6299 Views
  • 2 replies
  • 0 Likes

Query Builder to XQL

I have built queries within the builder that I cannot replicate in an XQL query. Is there a way to convert them quickly? The example below was built with the builder, a search for files within removable media for the previous 24 hours. I need it in XQL syntax in order to create widgets...etc. File [ action type = all AND device type = removable media ] AN...
