Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4323 Views
  • 0 replies
  • 3 Likes

Resolved! Threat ID #9999 generated by PAN NGFW

Hello, I have turned off alerts on NGFW for Private URL, but I still get threat ID #9999. Can somebody explain a little bit more what this threat ID means? I am trying to clean it up, but still get these alerts. And it is not any kind of malicious traffic. It is usually connected with some internal web pages. I can provide more info, if needed. Lukas

LukasB by L2 Linker
  • 20468 Views
  • 8 replies
  • 0 Likes

Cortex XDR FIM

Hi Team, I am configuring File Integrity Monitoring (FIM) in Cortex XDR for Windows endpoints. I have defined a monitoring rule for the directory: C:\Windows\* However, within this path, I need to exclude specific subfolders from being monitored (for example, system or application folders that generate excessive or irrelevant events). I am not seei...

M.Rather by L1 Bithead
  • 352 Views
  • 1 reply
  • 0 Likes

XDR Automation Rules not triggering Playbook execution

I am experiencing an issue with XDR Automation Rules when attempting to execute a script. I have configured an automation rule to trigger a Playbook when a specific event occurs. The Playbook is designed to run the built-in Quick Action: “Run Endpoint Script”, which executes a script registered in Action Center > Scripts Library. However, th...

.522643 by L0 Member
  • 199 Views
  • 1 reply
  • 0 Likes

Cortex XDR Playbooks – Most returning errors, looking for working use cases

Hi Community, I wanted to check in with the community regarding Cortex XDR Playbooks. Has anyone successfully executed playbooks within Cortex XDR and actually received meaningful results? In our environment, the majority of playbook executions end up throwing errors, and we're struggling to identify the root cause. We've tried several built-in ...

Cortex XDR integration with IBM QRadar

Hi All, We have a requirement to get Cortex XDR data (alerts, agent audit logs) into IBM QRadar. Following the documentation, we took the approach of configuring a syslog server in external applications, a new configuration in notifications, and adding the Cortex DSM app extension in QRadar. Due to security concerns, our QRadar team does not wish to ma...

MithunKT by L2 Linker
  • 9149 Views
  • 4 replies
  • 0 Likes

Integrating Cortex with QRadar

Hello Everyone, Does installing Cortex XDR for QRadar version 1.2.0 and configuring it via syslog allow receiving alerts directly from Cortex XDR into QRadar? I found https://apps.xforce.ibmcloud.com/extension/d12c3794f142ee334b4bbdc83d10347f but was not able to find a newer version. Does anyone know if there is another way to receive alerts directly from C...

Cortex XDR - Issues auto-grouping under same case due to shared IP - how to manage?

Hi everyone, We recently integrated Palo Alto Firewall with Cortex XDR and incidents are coming in successfully. However, we're facing an issue with how cases are being created. The problem is: when a case is opened, other issues with different names are automatically being grouped under the same case simply because they share the same affected ...

Resolved! createNewIndicator - IP is not an existing indicator type in Cortex XDR

Hi, We are using Cortex XDR native playbook editor and trying to use the default EDL playbook. When the playbook runs the createNewIndicator task, we receive this error: 'IP' is not an existing indicator type. Note that the type is case sensitive (52) We have tried all possible type values: IP, ip, IPv4, IP Address — all return the same error. A...

Resolved! CSP HUB roles / accesses

Greetings, How can we manage the hub roles while no user has the relevant roles in the tenant? I need to assign a role to a user to activate the Cloud Identity Engine for Cortex XDR.

Resolved! Make MTP logs using XQL

Hello, Everyone! 1. An Android device is connected to a computer where XDR is installed. 2. After the connection (Android-Computer), the user accesses the Android device’s folder from the computer and copies file A from the computer to the Android device. 3. On the computer, the copied file A on the Android device is renamed or copied to a diffe...

Local Analysis Malware and WildFire Malware Alerts

Can someone explain the Local Analysis Malware and WildFire Malware alerts? The WildFire alerts seem straightforward for a file that it deems malware. On the other hand, the Local Analysis Malware alerts trigger for a bunch of files, but the alert has a WildFire report and verdict that says benign. Moving into suppressing these alerts, the ...

Resolved! XDR Endpoint with Containers

Hello, I would like your help to understand what protections I have with Cortex XDR Endpoint Pro on a Linux server running containers/Docker. Will XDR also protect against malicious activity originating from the container to the network, or is it more of a black box?

tlmarques by L4 Transporter
  • 909 Views
  • 5 replies
  • 0 Likes