Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Resolved! Cortex XDR _USB Blocking Levels

Hello,

 

Please let me understand the levels of usb blocking in the edr policy.

If the access is blocked does it allow printers, Charging smartphones, Other utilities like Cameras etc. 

 

Thanks in advance.

XDR Endpoint Visibility Dashboard

Hello, 

Let's assume I have 5 departments inside my organization. Each contains 6-7 endpoints. I want to create 5 dashbaords for each. In these dashboards, I want to see only organization specific endpoints ( 6-7 endpoints would be in each dashboard)

...

DTRH: Finding New XQL Fields and Joining Data

 

 

DTRH: Finding New XQL Fields and Joining Data

 

I was trying to look at some user login information through XQL and I started poking around the different fields that were being returned. I began one of the user login sample queries available in the q

...

JEbrahimi_0-1618590705273.png
JEbrahimi_1-1618590705280.png
JEbrahimi_2-1618590705285.png
JEbrahimi_3-1618590705288.png

Host Firewall API

Has anyone had any luck adding IPs to the XDR host firewall via API?

It seems like this would be a great function to have. (Looking at you Palo Alto DEVs)

 

I've also looked at:

Adding IPs to an IOC - but IOCs cannot be added to custom blocking rules

...

CJNTS by L2 Linker
  • 727 Views
  • 3 replies
  • 2 Likes

Query to Monitor Computer Uptime

 

Hello,

 

I intend to formulate a new query to retrieve the computer's uptime, and if the system has been active for more than 30 days, generate an alert. Although I attempted the following XQL Search, the outcome yielded no results:

 

config case_s...

Cortex XDR agent and EICAR malware test file

Hi team,

 

It feels like I'm missing something and so would appreciate of someone could explain to me why the XDR agent on Windows (latest 8.2.1 with block policy) is not reacting to EICAR malware test file (X5O!P%@AP[4PZX54(P^)7CC)7}$EICAR-STANDARD-

...

stig_72 by L1 Bithead
  • 1232 Views
  • 2 replies
  • 0 Likes
  • 1825 Posts
  • 78 Subscriptions
Top Solution Authors
Top Liked Authors