Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Creating disable prevention rule for Alerts with different sha256 but all other values were same

We have created a disable prevention rule for a few Cortex XDR agent-blocked alerts because they were false-positive.

However, we recently received 2 new alerts with the same fields as the ones for which we created the disable prevention rule.

I only

...

Cortex XDR Ransomware Protection - Protection Mode "Aggressive" vs "Normal"

Hello

Is there the cheat sheet of comparison of Ransomware Protection Mode "Aggressive mode" vs "Normal". I have no idea key differences between "Aggressive" and "Normal" mode. I need to that cheat sheet in my report. Anybody can provide or Do Pal

...

Resolved! "Unsupported Platform" shown in CVE Column for Vulnerability assessment in Cortex XDR

Hi,

I encountered a situation where we see "Unsupported Platform" in CVE column unexpectedly for MacOS endpoints in Vulnerability assessment in Cortex XDR. Does anyone know why this might have happened ? Or what is the reason and how to fix this ?

...

Alert to Incident

Hey dear community,

do I have the chance to elevate a alert to an incident? I tried allready to set the severity of an alert to critical, but nothing happened. This alert doesn't get an Incident ID.

I thought this was possible in the past, but

...

Cortex XDR does not show file name

Hello everyone,

I have an incident and when I open related logs, it is showing large upload. I can see a bunch of logs which indicates that someone has uploaded 53 mb file to amazon or one drive. I saw destionation host as ........amazon.com and i

...

Resolved! How to download Cortex XDR 7.9 CE Version?

I want to install Cortex XDR on Win 7 and Win 8 systems and as per my knowledge we can only install 7.9 CE version agent.

From where can I download it? its not showing in on Agent Installations --> Create agent installation option. Need urgent help

...

XQL Query to find bugcheck (BSOD) entries in event logs

We are experiencing a few BSOD events when auto-upgrade pushes new agents.

Anecdotally, it only seems to happen to a small number of machines and well below 1% of the total XDR estate, however this is anecdotal and I keep getting challenged that "only

...

ITDR Honey Users for Cloud Identities

Hi Everyone

We're using ITDR module and are manually assigning asset role as described here: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Documentation/Asset-Roles

Only on-premises identities from AD can be assigned to asset r

...

SynRpcServer.exe in System32 folder

Hi,

I got an alert "Globally rare process execution from a signed process" and after investigating the process is SynRpcServer.exe

which not uncommon and also the host uses a fingerprint sensor so it should all make sense.

But the interesting parts ar

...

Growth of ARM processors in Windows Ecosystem

With the continual growth and development of ARM in the windows sector there is a clear demand for a Cortex XDR Agent for Windows on ARM. This also impacts virtualisation on Macs and other devices with ARM processors.

Is there an roadmap for considera

...

Community Expert Verified

Laptops dynamic group

I am looking for an efficient way to create a dynamic group for laptops only in the XDR console. So far, my only idea is to add a laptop tag during installation and then group by the tag. Is there an automated way to have XDR report the portable plat

...

Resolved! BIOC Rules for OneDrive File Uploads | Exfiltration

Hello,

I have encountered an issue where some users in my organization are uploading large files (around 100 GB) to their personal OneDrive accounts using public Microsoft domains. Currently, Cortex is allowing these actions without signaling them.

...

How to configure rsyslog server to receive logs from Cortex XDR via TCP+SSL

Hi,

I am having issue with Cortex Log forwarding to syslog server where from Cortex XDR encountered error(can refer in the attachment named Cortex XDR error) as below.

Test failed: Connection timed out

I have check many times with our firewall

...

Development Pipeline

dear,

I have an openshift ci/cd and I wanted when the image was formed, the cortex would be called to check, is it possible?

Cortex XDR False Positive Report

Hello everyone,

We develop some applications and our customer told us when they install the application, it gives a malicious warning for a sub installer "gcad_local.exe". Is it possible to submit the file to Cortex XDR and add it to whitelist in som

...

User

Count

User

Likes Count

2 Likes

1 Likes

Cortex XDR Discussions

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Creating disable prevention rule for Alerts with different sha256 but all other values were same

Cortex XDR Ransomware Protection - Protection Mode "Aggressive" vs "Normal"

Resolved! "Unsupported Platform" shown in CVE Column for Vulnerability assessment in Cortex XDR

Alert to Incident

Cortex XDR does not show file name

Resolved! How to download Cortex XDR 7.9 CE Version?

XQL Query to find bugcheck (BSOD) entries in event logs

ITDR Honey Users for Cloud Identities

SynRpcServer.exe in System32 folder

Growth of ARM processors in Windows Ecosystem

Laptops dynamic group

Resolved! BIOC Rules for OneDrive File Uploads | Exfiltration

How to configure rsyslog server to receive logs from Cortex XDR via TCP+SSL

Development Pipeline

Cortex XDR False Positive Report

Rare Login Query Not Working

Help with fine tuning a query using $arguments and enclosing them in "quotes"

Details regarding %PROGRAMDATA%\Cyvera\ folders

How to check powershell version at cortex XDR

Cortex VM Broker SNMP monitoring

Re: Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Re: Cortex XDR Get Incident API function 'hosts':None

Re: Rare Login Query Not Working

Re: Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Unlock your full community experience!

Cortex XDR Discussions

Rules and Best Practices

Resolved! "Unsupported Platform" shown in CVE Column for Vulnerability assessment in Cortex XDR

Resolved! How to download Cortex XDR 7.9 CE Version?

Resolved! BIOC Rules for OneDrive File Uploads | Exfiltration