SSH access to Broker VM impossible/failed

Hi everyone,
I'm trying to access my VM Broker with SSH in admin mode but without success.

In the Broker configuration, I use the command :
ssh -i [/path/to/private.key] admin@[broker_vm_address] then I connect to the Broker machine without any proble

Vuln drivers - scan

Hi,

Anyone know if is possible to retrieve the devices with drivers with vulnerabilities?
I've a lot devices with Cortex XDR and my objective is force IT guys, update vulnerable drivers etc.

XDR API for Policy Management

Is there an API in XDR for Policy Management?

I'm trying to get the list of policies, profiles and their rules.

There is /public_api/v1/endpoints/get_policy (Get Policy • Cortex XDR REST API • Reader • Palo Alto Networks documentation portal)

Howeve

Cortex XDR Agent Incompatibility with Upcoming Windows 11 24H2 and Windows Server 2025 Releases

Hi,

Does anyone have more information about the " Cortex XDR Agent Incompatibility with Upcoming Windows 11 24H2 and Windows Server 2025 Releases"???

I received an email today alerting me about this issue, and I’m wondering: does anyone know the re

Cortex XDR Agent - Connection Lost on Endpoints

Hi Team,

We are facing connection loss issues with some of the endpoints. When we try to reconnect, it fails. We also attempted to retrieve the agent logs, but that also failed. Could you please let us know if there is a possible path to retrieve t

Blocking Bluetooth

Hello, 

I want to block blueotooth activities on endpoints in Cortex XDR. Is there any way or rule to do this? If yes, can you write rule?

Thanks in advance. 

BIOC Block executables based field "Process_File_Info"

Hello,

I would like to know if any of you have struggled with support and technical cases with the need I show below.

I would like to know what you can tell me or give me your opinion of blocking executables based on static metadata using the “Proces

XDR Policy Baseline/Comparison Tool

Is there a method/tool available that anyone is aware of to better manage multiple policies or quickly/easily identify those policies which may have/need slightly different configurations?

For example, if we have 2 dozen policies and there's a new

Abnormal Recurring Communications to a Rare IP

We are receiving multiple alerts from the rule below. All alerts are legitimate Microsoft IPs:

Abnormal Recurring Communications to a Rare IP

Could there have been any recent changes on the Cortex end that might be triggering this?
Cortex XDR 

Behavioral threat detected (rule: bioc.sync.critical_termination) Triggered By Known Good Files

Over the past two weeks we have been seeing detections/blocks from the following rule "Behavioral threat detected (rule: bioc.sync.critical_termination)" for known good files 7z2301-x64.exe (7-zip install) and PhotosService.exe (part of built-in Wind

XDR AGENT ALL DEVICES

Hi everyone,

Does anyone know of or have an automation to periodically check if all devices in the company have the Cortex XDR  Agent installed

I currently use Mapper, but my network is large, with over 35k devices (including computers, printers, a