Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4320 Views
  • 0 replies
  • 3 Likes

Cortex XDR Device Control Violation Query

Hi Team, How can I check device control violations using an XQL query? I have tried the query preset = device_control but I am only seeing details for USB device violations. I am expecting to see Bluetooth violations as well. Is this possible? If yes, please guide me.

Questions about IOC/BIOC Suppression rules

We are doing a (somewhat rushed) Cortex XDR implementation, and I am new to EDR things (in general). I created an IOC/BIOC Supp rule today for an issue with running the Guardian Browser (I'll let you know if it works), and while there I see 52 System Generated rules. The description on them is "Same process triggered BIOC nnn on 100 different...

How to remove Old versions of Cortex Agent

Hello everyone, We're facing issues upgrading older versions of the Cortex agent on Windows endpoints — particularly versions 7.x and in some cases 8.x. These agents fail to upgrade both automatically and manually. Requesting a cleaner for each minor version and sharing the uninstall/disable password with IT support is not only time-consuming ...

Port scan alert

Hi everyone, There is a situation in our case. For example, there are 2 Windows hosts, Host1 and Host2. Host1 has XDR, but Host2 does not. If Host2 executes a port scan action (it doesn't matter which tool is used -- nmap, zenmap, etc.) against Host1, in this case I cannot receive any alert for this action without NGFW. Is there any option to detect ...

Cortex XDR login issue

Hi everyone, I haven't been able to sign in to the Cortex XDR Console for about 10 minutes. I am receiving "Unauthorized - 4010402" for 3 different users. Is it a general problem or only for my tenant? I also have another tenant and it works normally. Could you help me?


Resolved! Can't find references from training video

In the "Cortex XDR Basic XQL Crash Course" found in LIVEcommunity - Cortex XDR How-to Videos, they reference two reference documents. I have searched everywhere I can think to search but I find nothing. Does anyone know where I can find Cortex XDR XQL Language Reference, Cortex XDR XQL Schema Reference? Thanks for any help. ...

XDR version 3.x vs 4.x

Hello Experts, I noticed there are two versions of XDR, 3.x and 4.x. Mine is running 3.x. I noticed that there are quite a lot of changes (in UI) for 4.x. 1) Will my XDR be upgraded to 4.x eventually? 2) When? 3) What is the purpose of running both versions? 4) Is 4.x used for something related to Cortex Cloud? Posture Mgt? Runtime security? Thanks, SdG

How to Get All Filter Parameters for Cortex XDR Incident or Alerts URL?

Hi Community, I'm currently working on building deep links for Cortex XDR to directly access filtered incident views via URLs like the one below: https://<tenant>.paloaltonetworks.com/incidents/assets_and_artifacts?severity=SEV_040_HIGH&mode=all I’m trying to understand: What are all the supported query parameters that can be ...

Resolved! BTD - PROCEXP152.SYS - Vulnerable Driver Loaded

Cortex blocked driver PROCEXP152.SYS from being loaded (rule: sync.vulnerable_driver_by_original_name_loaded_procexp). The thing is that this is a signed Microsoft driver and it's kind of a known situation for many other vendors. Links: Process Explorer - ProcExp152.sys Driver Flagged As Vulnerable - Microsoft Q&A , SentinelOne annoyance! : r/s...

Panagiss by L1 Bithead
  • 15316 Views
  • 3 replies
  • 0 Likes

error when try to install cortex on redhat 10

Hello, I try to install Redhat 10. I downloaded the last version of packages. When I try to install on Redhat, I have this error:
./cortex-8.8.0.133595.sh
Verifying archive integrity... All good.
Uncompressing Cortex XDR 8.8.0.133595 installer 100%
[!] Path '/bin' is not in PATH
[!] Path '/sbin' is not in PATH
Active kernel LSM: lockdown,capability...

action_process_image_command_line Filter Issue

Hi, I'm trying to build a query that would check for reg.exe launches. This is well and good, but the moment I add a filter action_process_image_command_line = "reg save" nothing appears, even though it was part of the initial result for reg.exe. When I checked the schema, action_process_image_command_line is a string, so I don't think my query ...

a2123k1 by L1 Bithead
  • 986 Views
  • 2 replies
  • 0 Likes