Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Cortex XDR trail version for testing purpose.

We are trying to integrate the Cortex XDR incident logs to Splunk using the API pull method. We customised the Splunk TA taking reference from the Splunk TA for Palo Alto NW.  So is there a trail version of Cortex XDR available in order to test the i

...

RK21VTH by L0 Member
  • 314 Views
  • 1 replies
  • 0 Likes

Script for Agent Upgrades

Does anyone know of a way to build/apply a script in XDR that would perform agent upgrades at scheduled times? 

Example: upgrade to latest agent version on 10 endpoints starting at 8PM on Saturday. 

Disk Decryption on MAC OS

Hi Everyone,

 

I'm seeking for help on how to decrypt the drive on MAC OS after the encrypting the drive using the Cortex XDR Tenant/Console?

 

I tried to check and use on this documentation guide by Palo Alto Networks but I think it is not working o

...

EJaspe by L1 Bithead
  • 573 Views
  • 3 replies
  • 0 Likes

XDR and XSOAR mirroring fails

Hi, I have XDR integrated with XSOAR for bidirectional incident mirroring...

 

The strange thing is that when I close incidents in XSOAR as false positives, they appear as 'Resolved other' in XDR via the API...
If I close incidents as false positives

...

Resolved! exclusions vdi non-persistent

Hello, does anyone know if there is any document that tells us which folders and subfolders we should exclude from XDR when using Citrix and VMware Horizon with non-persistent VDI?

 

In Palo Alto's documentation, I don't see anything specific except

...

eXtended Threat Hunting (XTH) Module

Hi team,

Got a renewal quotation with new XTH module.

Heard eXtended Threat Hunting (XTH) Module is about query the raw data for threat hunting.

Still not so sure what is the new module is used for?

What is the use case to purchase this lic in additi

...

Resolved! How to use two datasets in a query

Hi,

I hope you can shed some light.  I am attempting to run a query to find out what system is running what applications including the username.

I have this query which gives me what I need except the "user" which is a field in another dataset xdr_da

...

Application Severity Score

Hi, I noticed a "Severity Score" in Applications under Host Inventory but there doesn't seem to be any scoring happening. Is this apart of a license we may not have or does this not function the way I would imagine? I assumed maybe CVEs for applicati

...

DopedWafer_0-1700080391735.png

AWS tags in the Cloud info field?

We have hundreds of AWS assets with lots of information in Cloud Info, but none have anything in the tags field.

 

Has anyone else seen (not seen) this?

Just to clarify, I am not talking about Cortex XDR tags.

 

Thanks

PCTomS_0-1697840876761.png
PC-TomS by L3 Networker
  • 491 Views
  • 3 replies
  • 0 Likes

User details

Hi Team,

 

Can we check user details on the XDR console - Local user with admin privileges?

 

Any way to identify such users?

 

Regards,

Shahwaz

  • 1764 Posts
  • 79 Subscriptions
Top Liked Authors