Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  • Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.
  • Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

Resolved! Cortex XDR Agent and system logs

Hello All, I am trying to get logs for the Cortex XDR agent that are more than 1 month old, from the system and the tech support file, however I am not having any success. Does anyone know any method by which we can retrieve agent logs/tech support logs for more than 1 month old data? Is it possible to retrieve such logs from the Cortex XDR agent? Thanks in advance.

tejasp04 by L1 Bithead
  • 21042 Views
  • 1 replies
  • 0 Likes

XDR agent quota exceeded

We're running 7.4.x currently and we've been seeing a ton of these alerts lately, and it seems to be for the same four or so machines out of several thousand. It is just alert after alert. I checked the log folders on the machines and they aren't anywhere near full for what we set for the log folder limit. I even emptied one of them and it was s...

enewman by L1 Bithead
  • 4708 Views
  • 2 replies
  • 0 Likes

Trying to setup Cortex Data Lake

Hi all, I am new to this forum and new to the job where I am having this issue, so please forgive me if this is an easy question that has been answered; I could not find the info I was looking for. I am trying to set up a Cortex Data Lake for my Cortex XDR Cloud logging. I am aware that I cannot see anything in the data lake when going to explor...

All Cygwin apps see the decoy files

Hi. My organization forced the installation of Cortex XDR 7.4.2.35695 on my workstation, and when I use Cygwin it lists the anti-ransomware decoy files. It's especially troublesome when I copy directories because real files are created then.

ncdu 1.10 ~ Use the arrow keys to navigate, press ? for help --- /cygdrive/c -----------------------...

Resolved! Cortex XDR Forensics Addon

Hello everybody. I have a question about the Cortex XDR Forensics addon. When we enable the Forensics addon from the Agent Settings profile we see "Interval Hours" for each section, but we cannot understand what it is. Also, we cannot find anything about it in any documentation. Can anybody explain this option ("Interval hours") please?

Move an Endpoint agent to another tenant

How to move an Endpoint agent to another tenant? I just tried to transfer a Cortex XDR agent from one tenant to another tenant. But unfortunately, the said agent keeps being listed at the current tenant rather than the new tenant.

High memory consumption on newer agent versions

Hello everyone, I have sporadic servers in our environment producing high memory consumption with the XDR agent. Cyserver.exe will climb to 350-400mb in some instances until the service is rebooted and it brings it down to an acceptable level. Has anyone else had this issue before? It's not on all devices either which makes it a pain to trouble...

CraigV123 by L3 Networker
  • 22522 Views
  • 5 replies
  • 0 Likes

Advanced Training For Cortex XDR

Hi all, Do any of you support members or experienced Cortex XDR users know if there's reasonably priced advanced training for the platform (on-demand or instructor-led)? Please, I'm not talking about the on-demand training available at this link, as those tend to be basic and not well organized. I'm referring to well-arranged training that ta...

How to add IP to the XDR whitelist without any security analysis

My user generated a behavioral threat alert, which caused the two PCs to not be able to communicate with each other. After we turned off the protection function of the XDR agent, they were able to communicate with each other. I did not see the blocked IP on the XDR cloud server. Can someone tell me why? I added allow ip below but it did not take ef...

How do you manage agent upgrades?

I am trying to manage agent upgrades without allowing the agent to upgrade to new and unstable releases. For example, I do NOT want 7.5.0 upgraded on any system, but I do want the most recent 7.4 release upgraded on all systems. I have run into issues getting releases lower than 7.4 to upgrade to 7.4.2 (current version as of today). I have re...

Bitlocker Disk Encryption Visibility = Not Supported

I am still working through our older PCs with our prior AV and disk encryption and getting over to Cortex and BitLocker. Just noticed all the systems I completed today report "Not Supported" for the Status column. Mousing over says the OS is not supported. I seem to have a handful of other systems with this same status but not all systems...w...

Resolved! Installation XDR Agents using BigFix

Hi Experts, Please give me advice on how to install XDR Agents using BigFix for Windows, Linux, and Mac. I have been trying to find the docs for it, but till now I haven't found them. And I read how to install manually using MSIEXEC, is it possible? Example: msiexec /i c:\install\cortexxdr.msi proxy_list="My.Network.Name:808,10.196.20.244:8080"

Device Control - Continue to Block, but not create a Violation

With regard to leveraging Device Control Profile and Policies, with regard to Disable USB Hard Drive. Am I missing what is the process to continue to BLOCK a USB Hard Drive, but to not generate a Violation entry for it? Use Case: We are aware of this activity for a specific Device/Vendor (Sony camera, but shows up as Hard Drive as it has a drive ...
