Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Query for formatted endpoints

Hello Dears,

Is it possible to write a query to get notified when endpoints are formatted?

Help with XDR Rest query

Hi,

I'm trying to query the Cortex REST API using this doc - https://live.paloaltonetworks.com/t5/cortex-xdr-articles/cortex-xdr-and-xsiam-postman-api-collection/ta-p/443667, but I keep receiving a

"Public API request unauthorized" message. I tried

...

Resolved! How to check ELA(Enhanced Application Logs)

We enable ELA on our NGFWs, forward logs to SLS, and also ingest the SLS logs into our XDR tenant.
Is there a way to verify in the XDR tenant or SLS that logs have been enriched by ELA?

Broker VM, local agent setting status indicator fluctuates between Green to Red

Hello,

Greetings

Can anyone confirm why does status indicator of Broker VM's Local agent setting keeps fluctuating. It keeps changing between "Connected to Connection Failed" also showing inaccessible URLS that are already whitelisted. Also the a

...

Resolved! Device Permanent Exceptions - Is There A Limit?

Hello-
Is there a limit to the number of devices that can be listed within the Permanent Exceptions? Endpoints -> Policy Management -> Extensions -> Device Permanent Exceptions

Thanks.

Cortex XDR - Solutions for log collection without an official integration

Has anyone found a good approach for collecting logs from an API when there isn't an official Cortex XDR integration? For example, Automox has released a Splunk and DataDog app, but the custom collection in Cortex XDR isn't a good fit. We use the B

...

Resolved! Cortex XDR Pro - Looking for Scheduled tasks by name in mass?

Hello dear community,

here is a script for searching specific scheduled tasks by name in mass. The search is via LIKE and wildcards are used.

import subprocess
import sys

def ScheduledTask(scheduler_name):
    # PowerShell-Befehl mit Where-Ob

...

Resolved! Keeping alive a program after closing Live Terminal

Hi everyone,

I'm using Live Terminal to upload/download Microfsoft's MSERT on potentially infected devices, which are isolated.

But, when running msert.exe via Live Terminal, it seems that the process is attached to my Live Terminal instance, meaning

...

Resolved! Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

Hi Community,

I’m facing an issue while trying to install Cortex XDR Agent (7.9-CE) on Windows 7 SP1 and Windows 2008 R2 SP1 systems. According to the compatibility documentation, these platforms are supported, but I’m encountering the following erro

...

Resolved! how remove softwares with XDR

Hello,
I've two questions.

First, I would like to know about your experience. How do you handle uninstalling software on specific devices that are not allowed and need to be removed via Cortex XDR without the user noticing?

The second question is: Is i

...

AWS CloudFormation preset template for Cortex XDR

Hi Cortex XDR community,

We are trying to set up Cortex XDR to ingest cloud assets from AWS. It mentioned that aws clouldformation stack needs to be created using preset Cortext XDR template. Where this template can be found? Is there a link to dow

...

Compare results in table to lookup?

I have a lookup with software names and want to use it to compare it to results from xdr_data using the fields actor_process_image_path which is the dir the software in installed in.

config case_sensitive = false
| dataset = xdr_data
| filter event

...

Resolved! Cortex XDR agent deletion after a period of time

Is there any way to delete Cortex XDR agents automatically after a period of connection lost, like 6 months or so? We have a server which was not used for nearly half a year, and our IT team says its agent was deleted without them knowing. Is it real

...

Resolved! Broker VM shown disconnected

Hi, our Broker VM is shown disconnected on XDR console. The VM is up and running and I can connect to it via SSH. It can connect to the paloaltonetworks.com domain as I can see the traffic on firewall. Version is 25.0.44. Even the last seen is today,

...

HELP With XQL Query to fetch All Assets

Hello Everyone,
I want to fetch all assets from asset inventory using XQL query but I am unable to find a suitable dataset for it. Can someone please help with XQL Query to fetch all the assets.

Thank you

Cortex XDR

User

Count

User

Likes Count

2 Likes

1 Likes

Cortex XDR Discussions

Discussions