Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Resolved! BIOC - Powershell Script Based Alert Detection

We know that Cortex has the ability to use AMSI but is any one able to achieve a BIOC rule which can trigger an alert for the content inside the script.

 

Lets say if a Powershell script which is being run has certain parameters in the body such as "re

...

XDR 7.6.1 seems to ignore exception

Hi, Cortex XDR Local Analysis Malware module stops a process called "ClientConsole.exe" (I guess it's a false positive)

 

I've created a global exception for that issue and checked-in client but XDR still blocks this executable.

 

In client log I read th

...

Faber by L0 Member
  • 899 Views
  • 1 replies
  • 0 Likes

Cortex XDR and Splunk.

Does anyone have a working solution to export Cortex XDR alerts into Splunk?

 

We have tried to use Syslog but support was dropped by the PAN Splunk App Team for that in favor of the API which only pulls Incident data(no alerts) and a link back to the

...

eumbach by L2 Linker
  • 1588 Views
  • 5 replies
  • 1 Likes

Resolved! XQL Filter out specific combination

Hello

i am trying to create XQL filter to filter out all known connections, so it only returns me connections that should not happen.

So i create separate line for each of those knows connections, like:

filter (action_local_ip != "10.130.130.34" and act

...

BIOC - suggestion for improvement

Hey ho!

I've a suggestion for improvement:

BIOC - Browser downloads an .hta or .application file --> You could insert also brave browser.

 

iexplore.exe|chrome.exe|firefox.exe|opera.exe|microsoftedge.exe|microsoftedgecp.exe|safari.exe

 

Thanks

 

BR

 

Rob

 

 

Resolved! Process Hunting - Powershell + WGET typing manualy

Hello dear community, 

 

is there a way to hunt for a manually started powershell.exe where a attacker started wget. 

 

In this case I opened cmd and typed this CMD in. Cortex XDR recognized it. 

 

 

But when I manualy open powershell and type in manualy wg

...

Cyber1985_0-1654549745309.png