This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4396 Views
  • 0 replies
  • 3 Likes

News about CPATR-10685? This bug is disrupting production

Hello Everyone, Does anyone know where I find more information about this bug: CPATR-10685? We reported an issue where if the malware scan is running a dll cannot be loaded twice because Cortex XDR will block it and were given this bug number, but I cannot find it anywhere in the known or addressed issues. The fact that a dll is only allowed to ...

YAlhazmi_0-1615974821949.png
YAlhazmi_1-1615974867681.png
YAlhazmi by L1 Bithead
  • 3964 Views
  • 3 replies
  • 0 Likes

Cortex XDR - False positive - Cloud2Model Manager 1.005

hi,Some of the users of Cloud2Model are resporting that Cortex XDR is blocking the installer "Cloud2Model Manager 1.005 x64 setup.exe" with this Cortex XDR code: c0400055. This is a legitimate application and the installer is signed with a EV code certificate. You can check the instaler here:https://download.cloud2model.com/managerPlease check t...

eproca by L1 Bithead
  • 16839 Views
  • 11 replies
  • 0 Likes

Resolved! XDR agent is showing high memory consumption

Hello, We installed the agent on different devices. But we have noted that there are high levels of memory. In some devices, we see 180 MB. But in other, the memory is above 300 MB (especially VDI). Is this a normal situation? Or are there specific configurations that we need to change to improve this? We have reviewed the documentation and ther...

iscott by L2 Linker
  • 13410 Views
  • 2 replies
  • 0 Likes

Pro Per TB License Not Used for 14+ days

Hello LIVEcommunity received the following email from Cortex Customer Success <noreply@paloaltonetworks.com>, but I am a contact on several different customers/tenants of Cortex. How does one know which customer this is for? May I suggest that a Tenant ID or some ID be included on these, somewhere in the message?

Filtering by Endpoint groups

I am trying to write an XQL query that will only focus on the endpoints that I have defined in my endpoint groups and not all endpoints in the xdr_data dataset. How can I filter the xdr_data dataset by endpoint groups?

tfoley by L0 Member
  • 2760 Views
  • 1 replies
  • 0 Likes

admin applied agent tags

I have a few XDR deployments I manage and one this I miss is the ability to tag objects like I can on firewalls. This would be useful for a number of tasks from:- filtering views/dashboards/reports- adding agents to dynamic agent groups- assigning policies to agents Often hardware or OS level details are not variable enough to filter and having ...

Status Cortex XDR

Hello communityDo you know where can i see the percentaje uptime of CortexXDR service? I know about this link: Palo Alto Networks Cloud Services Status but it did not help me.

Cortex is not revoking non-persistent VDI license after user logout

Hi Community, We have one golden image and non-persistent VDIs are spawning from it. we installed traps in the golden image with VDI enabled=1. I can see the golden image install type is coming as a golden image, but the VDI generated from this has install type standard instead of VDI. I can see the vdi=0 as well in the VDI machine trapsd.log.L...

Resolved! Windows Server 2003 unable to check in to TMS

Hello everybody, I'm trying to connect an old Windows Server 2003 (service pack 2, 32 bits) to the traps management service. I know that I have to use an old version of the agent (I've installed 5.0.10), but the agent fails to check into the TMS. The problem is related to a certificate that the agent fails to validate. I installed all the requ...

grenzi by L3 Networker
  • 8888 Views
  • 9 replies
  • 0 Likes

Inconsistent XQL search results

When carrying out XQL search...."dataset = xdr_data | fields action_country | dedup action_country"I receive a set of results with different action_country values as expected.If I then take one of these values ie Switzerland and run "dataset = xdr_data | fields action_country | filter action_country = SWITZERLAND"I receive expected results.If i ...

Cortex is not revoking non-persistent VDI license.

Hi Community, We have one golden image and non-persistent VDIs are spawning from it. we installed traps in the golden image with VDI enabled=1. I can see the golden image install type is coming as a golden image, but the VDI generated from this has install type standard instead of VDI. I can see the vdi=0 as well in the VDI machine trapsd.log.L...

Resolved! Block especific Process and Folder/directory

Hello community,In our company we have implemented Cortex XDR with Pro per endpoint and pro per terabyte licenses.the incident response area asks me to verify the viability of applying the following preventive measures in cortex xdr1st. Block the execution of a specific process by its name without having the hash.2nd block writing and execution ...

XDR sometimes blocks the use of left mouse clicks on Windows Start Menu

We've deployed the Cortex XDR agent version 7.1.2 to 50-60 end-user machines so far. 2 users have reported the agent has stopped the use of left mouse clicks on the Windows Start Menu and Search Box. Right mouse clicks work fine. As soon as we removed the agent from those machines the Start Menu and Search Box started to work with left mouse cli...

  • 2611 Posts
  • 98 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks