Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Demisto: How to display List of Messages

Hi Team, I am using create_incident API to create incidents. Below is the sample code. I can create an incident when I use "messages" as String. Basically, this is custom_fields and its data vary from incident to incident. Some incidents may have 0 messages in the string array or some may have 10 messages. -----------------------------------...

JSannake by L0 Member
  • 2806 Views
  • 1 reply
  • 0 Likes

'Kernel Privilege Escalation' generated by XDR Agent detected on host xyz involving user xyz

Hi All, We are receiving a large number of alerts in our Cortex XDR console. The alert is as below (hostname and user name I have kept as XYZ for privacy): 'Kernel Privilege Escalation' generated by XDR Agent detected on host XYZ involving user XYZ. In all the alerts the process involved is "java." I need to understand this alert and the steps to b...

AsifSid by L2 Linker
  • 4079 Views
  • 1 reply
  • 0 Likes

MITRE ATT&CK techniques missing

After reading https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2020.html#ide2559432-5eb3-4f83-8e85-c4159aeed9ed → "MITRE Tags Enhancements", I retroactively added the appropriate MITRE ATT&CK technique numbers to my custom BIOC rules and noticed that t...


Resolved! SaaS Log Collection

Can't find SaaS Log Collection to start ingesting external logs into Cortex XDR. All the documentation states: Click Gear > Settings > SaaS Log Collection. I can't find it; I currently have Cortex XDR Pro Per Endpoint. Does this license not support ingestion, or am I not seeing it? I'm trying to ingest Okta authentication logs.

Web filtering in Cortex?

Hello, We have just recently implemented Cortex XDR for endpoint protection and have a question about web filtering. Are there profiles/policies in Cortex XDR that can enable any web filtering features, or is web filtering strictly a firewall feature? Thanks

bsuprai by L0 Member
  • 6913 Views
  • 1 reply
  • 1 Like

Client groups in Cortex XDR

Hello, We are an existing Palo customer and we are moving to Cortex XDR for our Antivirus solution. In our current AV application we have groups for different clients based on exceptions or application for various reasons. It is very easy to create install packages for clients and have the client automatically go into those groups. After finally...

Unable to upgrade Traps from 5.0.x to XDR 7.2

Hi Community, I am unable to upgrade the Traps agent from v5.0.x to 7.2 using the rule from the XDR console. I have upgraded from 6.0. Not sure whether my antivirus is blocking it. I can see the version showing as upgraded in the console for a while, then it goes back to the older one and the end machine never gets upgraded. I can see install fail in ...

Cortex XDR agent Consuming full resource while scanning

Hi All, The Cortex XDR agent is consuming all my resources while scanning. Did anyone face this kind of issue? I am using another endpoint product (Symantec) on the same workstation. Planning to whitelist the Cortex XDR folder in Symantec. Please share which folders need to be whitelisted.

CyberEye by L3 Networker
  • 4021 Views
  • 1 reply
  • 0 Likes

Conflicts with Third Party Encryption Application

It appears that Cortex XDR does not play well with the existing encryption product we use. There is no indication of any issues whatsoever, but when you attempt to decrypt the drive the application is not successful at decrypting all of the files. Uninstall Cortex XDR and things work -- the power of a VM proves it is an issue with Cortex. Ini...

Resolved! BitLocker Encryption Status Only

I was reading about the new BitLocker functionality in the new release. We have BitLocker already deployed in the organization and would like to know if I could use the Cortex XDR console only as a "view" or status into the status of BitLocker on already deployed machines. I am not wanting to control/configure BitLocker from the Cortex XDR console...

Grok Filter for Syslog entries

Does anyone have a Grok filter compatible with Cortex XDR syslog entries? I'm piping Cortex XDR syslog into Logstash and then through to Elasticsearch for parsing & alerting, but there seem to be two nested log formats: one pipe-separated, and then inside that a space-separated list of fields (including some values that themselves contain sp...

Resolved! Updating Cortex Agent 7.2 fails

Good morning, I'm running into issues trying to update the Cortex agent on some of our physical machines running Win 10. I'm very new to Cortex, so I apologize if there are issues with my explanation of what I'm having issues with. Inside my endpoint administration we have broken our users into groups: VDI, physical and even further with Windows, M...
