Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4396 Views
  • 0 replies
  • 3 Likes

Cortex Data Lake License

Our client has recently purchased the Cortex Data Lake license and we are trying to set this up for them. The firewalls are on version 10.0.7 and have valid certificates, but under "Device -> Licenses" we do not see a license for Cortex Data Lake despite trying to retrieve it from the license server etc. My question is, is it supposed to appear u...


Possible FP alerts on linux

Hi, I seemingly have a problem with the XDR agents installed on Ubuntu workstations. I get "local malware analysis" alerts on seemingly benign programs and executables such as Chrome, VS Code, systemd and such. WF shows either benign or unknown. The problem is, I can't replicate those alerts on my Ubuntu test station. Did someone else encounter this pr...

Resolved! Broker VM

Hi everyone. The Ingest Logs from Elasticsearch Filebeat documentation mentions "use the broker VM to proxy Filebeat communication". May I know how to configure the broker VM as a proxy for Filebeat communication?

weejh by L2 Linker
  • 6127 Views
  • 5 replies
  • 0 Likes

Join Our AMA on Cortex Training and Credentialing Opportunities!

LIVEcommunity’s latest Ask Me Anything (AMA) session is all about Education Services Training and Credentialing opportunities for all things Cortex! From digital learnings and instructor-led trainings to the first-ever Cortex XDR certification, this is your chance to learn about what knowledge opportunities are available for Cortex by Palo Alto ...

agalindo by L4 Transporter
  • 3929 Views
  • 1 reply
  • 1 Like

Can Cortex XDR be installed to be standalone?

We're in a situation where HQ has moved to Cortex XDR. At the satellite facilities there are PCs/laptops that never touch the HQ network and are often standalone systems or are on a completely separate domain, and those domains are never to communicate with the HQ domain. To complicate things a little more, some of these other domains are moving target...

Vudoo408 by L0 Member
  • 4361 Views
  • 1 reply
  • 0 Likes

Endpoint disconnected - Admin console

I am having issues with an endpoint connecting to the Cortex XDR dashboard. The Cortex XDR console from within the OS is showing as 'Enabled', however it is disconnected from the endpoint administrator console. I have attempted to restart the services using the cytool function in the command line as per the support document below: https://knowledgebase.pa...

KirkH by L0 Member
  • 3889 Views
  • 1 reply
  • 0 Likes

Windows version 21H2 - Cortex incompatibility

Hi, we received a PA notification that Microsoft Windows 10 version 21H2 running on specific hardware architectures is incompatible with a security engine in Cortex XDR agent 7.0.0 – 7.4.0. In our case we have the following scenario: - Cortex agent version: 7.4.3 and 7.5.0 - Cortex XDR PRO license (Endpoint protection + behavior analytics) - Micr...

BigPalo by L4 Transporter
  • 5537 Views
  • 3 replies
  • 0 Likes

Ignore all authentication requests alerts from a particular IP

We use a vulnerability scanner internally to test all endpoints for any known vulnerabilities or leaked credentials. Cortex has been alerting on this, but since we know this is intentional traffic, is there a way to ignore certain authentication requests via lsass.exe from a remote host? The remote host IP is coming up in the emailed alert as "a...

Resolved! Testing malware blocking and alerting in the xdr

Hi all, I'm trying to run checks on my Mac, which has a Cortex XDR agent, to see how the blocking & quarantine functions before setting the policy on all endpoints in my organization. However, EICAR files, and the test file that Palo Alto provides here - https://docs.paloaltonetworks.com/wildfire/10-1/wildfire-admin/submit-files-for-wildf...

Live Terminal over Broker VM

Hello everybody. I want to know if we can initiate a live terminal session over Broker VM (our agents don't have internet access, so they use Broker VM). 1) In the documentation Palo Alto says that the network requirements for Broker VM are these: - br-<XDR tenant>.xdr.<region>.paloaltonetworks.com - distributions-prod-us.traps.paloal...

Memory Corruption Exploit Alerts - Incidents

Hello LiveCommunity, I wondered if any others are seeing a very high number of recently created (in the last few hours) "Memory Corruption Exploit" alerts in Cortex XDR? Beginning around 10:15 Pacific this morning (11 Oct) through as recently as 15:18 Pacific, 11 Oct, there have been numerous alerts fired across many different workstations. Seeing many dif...

XDR Cloud Identity Engine and proxy

Hello everybody, we want to integrate our Active Directory with Cortex XDR via Cloud Identity Engine, but there must be a proxy between Cloud Identity Engine and the Cortex servers. We set up a lab environment for test purposes (simply forwarded web traffic via an Apache forward proxy). After setup, CIE (Cloud Identity Engine) could not communicate with c...

  • 2611 Posts
  • 98 Subscriptions