Remove enopoint XDR Cortex
Hi
Can i remove XDR Agent from PC and i don*t have supervisor password for disable antitampering...
Endpoint are not showing in XDR Console...
please help, i have problems with cca 200pc
best regards...
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Hi
Can i remove XDR Agent from PC and i don*t have supervisor password for disable antitampering...
Endpoint are not showing in XDR Console...
please help, i have problems with cca 200pc
best regards...
Hi,
I've just noticed this recently. A while ago when I added .csv file to a report, it was formatted with coma between columns. Now it is using a tab what cusses export to Excel more difficult. Is any setting which can be use to change it back?
Hello dear community,
is this now the long awaited feature, which gives us the possibility to have a CVE-scoring on Windows applications?
BR
Rob
Dear All,
Do you know why the content updated, cannot open the task manager?
Cortex XDR
"ruleId": "bioc.masqueraded_process_msft",
"fileIdx": 0,
"modules": [],
"profile": "Malware",
"sockets"
What is the difference between Legacy agent exception and Disable prevention rules?
This was asked in another discussion but the answer does not resolve the question asked (https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/exception-and-e
...
3.10 activated in our tenant yesterday and along with that, our endpoints started upgrading to 8.3 (we are one release behind the latest).
This morning we were deluged with calls about unresponsive endpoints.
We stopped the automatic endpoint upgra
...
I'm trying to run a query to get a count of how many times combinations of the values in "initiated_by" and "initiator_path" occur for an alert in the alerts dataset.
For example:
binary1.exe c:\temp\blah 6
binary2.exe c:\temp\blahblah 12
I'm trying to
Hello,
I do represent a company called Arx One. We have been publishing a backup software suite (backup agent, agent management console) for more than 15 years now and those software are installed on our customers' workstations, servers or NAS (Window
Curious to know, of all the modules offered in Cortex XDR, exactly which ones are used during Pre-execution and Post-execution phases?
Since our recent renewal, which is reflected in Assets in the support portal, attempting to Cortex XDR results in an error message of "Failed to load license data or license is expired."
Background: We recently renewed our Cortex XDR Pro license. W
...
Hello,
Could you give me assistance to generate a query to detect when the firewall is disabled?
Best regards.
Not able to see Asset in Cortex portal. Cortex XDR agent is installed on Asset.
Asset is a Ubuntu 28.04 VM on GCP, having access to internet.
root@dev-vcs-martin1:/var/log/traps# dpkg -l | grep cortex-agent
ii cortex-agent 7.9.0.82606 amd64 Palo Alto
Hi
I want to write an XQL query wherein i will be able to get both details of incident and Alerts in one table.
I want to correlate Incident ID and Description with the tables found in Alert dataset like CGO, Initiated by, Action process etc
Hello,
I have a few questions and I would be happy If you answer them.
Questions:
Hello everyone,
I would like to replicate some queries in Cortex using XQL, but I have many doubts with this language and I am arguing with it
Example:
T1140 Deobfuscate/Decode Files or Information
DeviceProcessEvents
| where ProcessVersionInfoProdu
...
Subject | Likes |
---|---|
3 Likes | |
2 Likes | |
2 Likes | |
1 Like | |
1 Like |