Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

Resolved! Cortex XDR Pro – Does it scan USB devices upon insertion?

Hi team, I would like to confirm the behavior of Cortex XDR Pro regarding USB devices: Does Cortex XDR perform any automatic malware scan when a USB device is connected to an endpoint? If not, what protections are applied at connection time (e.g., device control, behavioral detection, execution monitoring)? Is scanning of removable media only p...

Resolved! Updating Cortex Agent by MDM

Hello team, I need guidance on automating Cortex XDR agent upgrades across multiple endpoints using an MDM. Upgrading directly from the console is consuming significant bandwidth. We are evaluating options like P2P distribution, brokers, or staging updates, but face some challenges: Some endpoints are not associated with a broker. Upgrades may ...

Resolved! Is it possible to block an IP in Cortex XDR Pro

Hello Community, I am working with Cortex XDR Pro and investigating the "Endpoint Blocked IP Addresses" section within the Action Center. I have a few specific questions regarding how entries are populated in this table and the best practices for targeted blocking: Orchestration: How exactly are IPs added to this list? Does it only reflect aut...

MacOS uninstall password reset

Greetings! I have a problem about Cortex XDR uninstall password in MacOS. The agent got corrupted while upgrading and from then on it is not upgrading to a new version, that's why I was trying to uninstall cortex agent then reinstall new one. sudo "/Library/Application Support/PaloAltoNetworks/Traps/bin/cortexxdruninstaller_tool" I used this...

XQL - Hostfirewall events

Hi everyone, What is the best and most efficient way to review network traffic and correlate or compare it with Host Firewall events using XQL? I am looking for the optimal approach to query and analyze this data together without impacting performance. If anyone has a sample XQL query or advice on how you handle this in your SOC, I would really ...

Resolved! Broker VM cli Admin password

Greetings everyone, How can we get the admin password of broker vm? I have connected via ssh to the broker vm's cli, now I need to do some actions which require admin's password. Cortex XDR

Jira integration errors

Good day, please is there a way to pass headers during the cortex-jira integration? We get this error that this header is required, but there is no option to pass headers. Any fix or solutions to that is welcomed. Thanks

Need help with XQL datetime interval

Hello I would need some help regarding XQL. I'm trying to list files created between 2026-04-01 11:00:00 Eastern Day Time and 2024-04-02 16:00:00 Eastern Day Time. I'm having difficulties handling the syntax. Thanks in advance! PA

P.Forand by L0 Member
  • 390 Views
  • 2 replies
  • 0 Likes

Get all parent processes of a given process with XQL

I am trying to obtain a linear process tree for a specific process using XQL. Example: In the Causality Chain view, the process tree for Process X looks as follows: explorer.exe → Process Z → Process Y → Process X I want to write a query that returns exactly those three process events (excluding explorer.exe) that spawned the next process up u...

MaaHaa by L0 Member
  • 677 Views
  • 3 replies
  • 0 Likes

Resolved! Threat ID #9999' generated by PAN NGFW

Hello, I have turned off alerts on NGFW for Private URL, but I still get threat ID #9999. Can somebody explain a little bit more what this threat ID means? I am trying to clean it up, but still get these alerts. And it is not any kind of malicious traffic. It is usually connected with some internal web-pages. I can provide more info, if needed. Lukas

LukasB by L2 Linker
  • 20869 Views
  • 8 replies
  • 0 Likes