Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Update from Traps to Cortex

Hello everyone,

I'm trying to update the Traps agent 5.0.11 to Cortex 7.4.0 on Windows Server 2008/2008R2.

When I'm installing the new version, in the moment to start the services, the installation go in rollback.

I've tried to install directly the new

...

There is not enough space on the disk

Hi Expert,

 

I have facing issue about XDR agent.

My XDR agent has status no connection in XDR console, but after I checked in the XDR Tenant status for my device has connected status.

After I checked logg in agent I find logg  c:\ProgramData\Cyvera\Loca

...

Resolved! Blocking Domain/URL

Hi Team,

 

I know we can block IP addresses with new feature called host firewall,.Since the ip is dynamic , its not a good option for me. Is it possible to block url or domain in cortex xdr?

 

Cortex XDR ransomware response

Hi everyone,

I wonder how Cortex XDR would take action if, for some reason, an encription script starts.

Until now i have seen that Cortex kill the script at the start, before the encription take action, but what happen if the malware start to encript

...

CORTEX

Hello

We would need to know how this announced incompatibility affects our case and it is necessary to take some action. On the other hand, we do not quite understand what impact the following paragraph has on us: While only Windows 10 version 21H2 an

...

Cortex Xdr Partial protected (7.4)

Hi everyone , 

we have a problem with some of our linux servers ,
the status is partial Protected ,

  • the secure boot is disabled
  • the kernel supported
  • the policy is the same on all servers (also those with status 'protected')

the only thing that i find is th

...

chaim_Avisrur_0-1642512485745.png

Agent Blocking Command Prompt/Powershell

The agent has been blocking acess to the CMD , The licensing has been expired due to which the dashboard cannot be logined. I tired to uninstall agent using Cleaner but even the Agent Cleaner has been blocked. What sort of procedures i should follow

...

Resolved! Dynamic group "starts with"

Hi all,

I need to create a dynamic group based on the first letters of device name, like "starts with" or "not starts with".

I cannot use contains because, for example, I have server name that starts with QQ that should not be inside the group, but ser

...

N2Z2 by L2 Linker
  • 1117 Views
  • 3 replies
  • 0 Likes

Resolved! Report exporting questions

I have a custom timer filed called analysttimer, which recording the time analyst spend on an incident, once the incident this field will shows total time spend. I can see the total time is captured in the analysttimer.totalduration field. 

 

When crea

...

XDR endpoints not scanning

Is there a way to look at only the endpoints that have not been scanned in certain amount of time?
I know I can view all the have been scanned in the last day/week/month etc, but I want to look at the devices that have NOT been scanned. 
I need a "does

...

pdysart_0-1641414295405.png
pdysart by L1 Bithead
  • 1103 Views
  • 3 replies
  • 1 Likes