Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 755 Views
  • 0 replies
  • 2 Likes

Blocking Bluetooth

Hello, 

 

I want to block blueotooth activities on endpoints in Cortex XDR. Is there any way or rule to do this? If yes, can you write rule?

 

 

Thanks in advance. 

XDR Policy Baseline/Comparison Tool

Is there a method/tool available that anyone is aware of to better manage multiple policies or quickly/easily identify those policies which may have/need slightly different configurations?

 

For example, if we have 2 dozen policies and there's a new

...

XDR AGENT ALL DEVICES

 

Hi everyone,

Does anyone know of or have an automation to periodically check if all devices in the company have the Cortex XDR  Agent installed

I currently use Mapper, but my network is large, with over 35k devices (including computers, printers, a

...

tlmarques by L4 Transporter
  • 952 Views
  • 2 replies
  • 0 Likes

Resolved! XQL Help - Any AI tools, query library?

Wondering if there are plans to help build queries? Something as simple as looking for a file called "testfile" requires the query with the below code:


|preset = xdr_file
|filter action_file_name contains "testfile"

Another example that we are current

...

J.Suter by L2 Linker
  • 1576 Views
  • 3 replies
  • 0 Likes

Cortex XDR Generate Alert when Device is Online

There's many situations where it would be convenient to receive a notification when a device is online.  We often run into this when a device is isolated and we are  unable to contact a user.  Since there is no native ability to trigger an alert or n

...

tc0222 by L0 Member
  • 1523 Views
  • 3 replies
  • 0 Likes

Broker VM

Hi, 

I have downloaded Broker VM OVA file and installed it on my VMvare. I just wonder about with the following issues. As you know Broker has two IP one for public and one for private. 

In this part, if i go static, will I be configuring internal o

...

JahidAliyev_0-1731635966017.png

General Cortex XQL questions

Hello, 

I have been unable to confirm the following information in the online guidance I have been looking through.

 

How far back can we run an "All Actions" query in XQL? For example, can we search for file hashes going back 3 months or longer?

Also

...

Resolved! Correlation rules create incident

Hey dear sec community!

 

is there a way to setup an correlation rule, which can block and not only detect?

I couldn't find a way. I tried the XQL queries from the libary. 

 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investi

...

Cyber1985 by L3 Networker
  • 5248 Views
  • 7 replies
  • 0 Likes
  • 2284 Posts
  • 86 Subscriptions
Top Solution Authors
Top Liked Authors