Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds, and enabling a seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 431 Views
  • 0 replies
  • 2 Likes

Cortex XDR agent certificate

Hi all,

I have some doubts regarding the Cortex XDR agent certificate. I have gone through multiple blogs, which provided some insights, but I am still unable to see the complete picture. Below are the key facts I have gathered so far:

  1. New Certifica

...

Resolved! Cortex XDR alongside MS Defender for Endpoint

Hi

We are in a position where we would want MS Defender for Endpoint (the EDR, not just the AV) to fully work alongside Cortex XDR.

We dialed Cortex XDR's protection down to work "passively" by re-configuring all modules to the "report only" as o

...

tmeksik by L2 Linker
  • 356 Views
  • 2 replies
  • 0 Likes

Email confirmation:

Hello Everyone,

When we request the Palo Alto team to review or change the category of an executable that has already been tagged as 'Malware', why don't we receive an email confirmation from the platform acknowledging the receipt or change of the

...

BIOC not supported

Good afternoon,

I'm trying to create a BIOC rule that tells me when users are trying to access the wetransfer.com and dropbox.com DNS. To do this, I generated the following XQL. When run, it shows me the logs of the connections to these DNS.

data

...

On-demand file Examination policy

Hi,

I've got 3 questions.
1. I want to schedule a daily scan on servers with Cortex XDR, I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day mapping them to the same servers but some are bein

...

jannette by L0 Member
  • 177 Views
  • 1 replies
  • 0 Likes

Legacy Agent Exceptions or New menu??

Hi, what's your opinion?

Legacy Agent Exceptions or Global Exceptions Menu??

What's the difference? Which one is better?

Some support people suggest activating Legacy in Cortex XDR #, but I'm not sure if I should. Would I lose any of the settings

...

tlmarques by L4 Transporter
  • 1077 Views
  • 3 replies
  • 0 Likes

Resolved! Exclusion process cortex?!

Hi,

How can I create an exclusion in Cortex XDR to stop it from scanning a specific executable??

We have a critical software in our company, and we've noticed that Cortex is constantly analyzing it, causing the machine high CPU and MEM.

How can we excl

...

tlmarques by L4 Transporter
  • 1532 Views
  • 2 replies
  • 0 Likes

Custom Parsing Rule - Cohesity

This was a fun project. Looks like it is mostly working correctly. Cohesity syslogs come in as a big blob in one field so I messed with some parsing rules to give them their own datasets

The only known issue I'm seeing so far is the logs get dupl

...

Role-based privileges

Dear Team,

As per the client requirement, kindly suggest the role-based privileges that can be assigned to L1 and L2 users accordingly.

Where L1 is a lower-level engineer and L2 is above L1.

A.Bhist by L0 Member
  • 156 Views
  • 1 replies
  • 0 Likes