Resolved! Cortex XDR-File hash Allow/Block on specific endpoint
Hi everyone,
Can we allow/block the file hash for a particular endpoint instead of allowing/blocking the file hash on all the endpoints?
Regards
This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- Security Operations
- Cortex XDR Discussions
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Palo Alto Networks Approved
Community Expert Verified
About Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Discussions
Mitre ATT&CK coverage
Hello dear Livecommunity,
as you know, Cortex XDR is a very powerful peace of software and I am happy to use and administrate it.
But I never doubt about coverage of the mitre attack patterns and I am a little bit upset, we need to get through th
...Broker VM & SIEM
Hello folks.
How we can forward Cortex Agent logs from Broker VM to SIEM systems?
[agent] ====> [Broker VM] ====> [SIEM]
Cortex XDR
CORTEX XDR
I want to add palo alto firewalls to cortex xdr do I need to add only panorama or do I need to add
Indvidual firewalls to get alert
do i need to use firewall mgmt. ip or panorama mgmt. ip
we have more than 300 firewalls split into HWAN and LAN MFG
...Query regarding malware scan
During initiating the malware scan on connected endpoints suppose the system moves to disconnected state for few days and the scan status starts showing in progress now. Could you please let us know the duration of the malware scan is applicable for
...Malware scan is not getting intiated
Hello,
While initiating malware scan through policy, for certain endpoints the scan is not getting initiated, and the scan status is "None". How can this be resolved?
How to check endpoint has no agent and intregate edl with NGFW
Hi Expert ,
How to check endpoint has no agent and integrate edl with NGFW when found endpoint
Now , I have try to create python script to get all endpoint but not have idea to check endpoint has no agent
Thank you
Resolved! Deploying XDR Agent for Mac with InTune
Hi all,
We're trying to bring our few Macs into the systems management fold, and being a Microsoft shop we want to use InTune to manage them.
Most Mac packages install files and then are configured in a separate set of commands after install. The XDR
...Whitelisting of Files
Hello,
We are running periodic scan on all endpoints . During this scan few files has been detected .We have got confirmation that some of the files are legitimate and it's being used in infra.
Can you please suggest in providing what is the best
...Resolved! XQL Query help is required to narrow down our requirement
Dear All,
We are trying to understand that, there are certain applications installed on a host by using the below query. preset = host_inventory_applications
|filter endpoint_type = "AGENT_TYPE_WORKSTATION"
|filter application_name in("Application A"
Block a digital signer?
Does anyone know if there is a way to block a digital signer? Or does anyone have any better ideas for blocking Wave Browser without blocking all of their ever-changing thousands of hashes?
Resolved! XQL Query Help
Dear All,
We wanted to pull the list of applications installed on our devices and would like to use XQL query to list the applications that are installed, we tried the below with no results, can someone help me how to get this achieved.
config tim
...Resolved! Cortex XDR iOS App
Hello -
Is there a Cortex XDR agent app for iOS, or will there be one in the future?
Thank you,
Joshua
Visualize Running processes through XQL and send alert?
Hello dear community!
is it possible to visualize through XQL a prozess which was not terminated and is still running?
In the causality view it is visualized, but I would need it to create a alert.
If a special process is still running, get a mail
...New solutions
Latest Comments
- bbarmanroy on: Cortex XSIAM + XDR
- bbarmanroy on: How to use interactive script mode Run Kansa investigation powershell
- PiyushKohli on: Confirmed issues with some identity threat modules and risk management dashboard
- bbarmanroy on: Detection of various open source apps
- PiyushKohli on: Cortex XDR unmanaged assets search with XQL
- anlynch on: Access to live terminal with dual control
- FabioFerreira on: Correlation rules and BIOCs
- anlynch on: Non-persistent VDI / agent communication issues
- anlynch on: What is /opt/traps/analyzerd/clad?
- DavidStevens on: MSI stolen certificate alerts
Top Liked Posts
| Subject | Likes |
|---|---|
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
Labels
-
Agent
1 -
Best Practice
3 -
Cortex Data Lake
3 -
Cortex XDR
18 -
Cortex XDR Webinars
2 -
Events
1 -
IoT Security
1 -
Isolation
1 -
Management
2 -
PA Firewall
1 -
PAN-Os
1 -
question
8 -
scanning
1 -
Setup & Administration
2 -
SIEM
1 -
threat prevention
2 -
XDR
2 -
XDR Events
2 -
XDR Webinars
1
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks