Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Cortex XDR Incident Report

Looking for a way to create a report that shows how long it is taking our analyst to close an incident. I have read elsewhere it is not possible since the data is not exposed to xql.  Does anyone know how to create something that would show how long

...

Resolved! Cortex XDR 7.4.1 crashing server

After the installation of xdr 7.4.1, our domain controllers began crashing, and even after a reboot they would lock up.  Has anyone had any issues with the 7.4.1 release on Windows Server 2012 R2?

 

Based on a Windows Dump, Microsoft reported the follo

...

Content update confusion

My content question is, if something still on 7.9. and its no longer supported/ getting content updates, does that mean the virus definitions on the unit with 7.9 is not getting updates or is it more application updates?

 

Resolved! Post detected by Wildfire

Hello dear community, 

what means Detected (Post Detected)? 

In our case, we see pdfpower.exe incidents popping up, the user says he didn't download anything to the incident time.

I think, the agent is scanning the OS, when there is allready a quaran

...

RFeyertag_0-1687468667966.png
RFeyertag by L4 Transporter
  • 2659 Views
  • 4 replies
  • 0 Likes

Resolved! Help finding green alert log screen in Cortex XDR

We were reviewing the latest MITRE results and Palo Alto kicked butt! However, looking through the screenshots https://attackevals.mitre-engenuity.org/results/enterprise?vendor=paloaltonetworks&evaluation=turla&scenario=1 we don't have the same green

...

cdeter_0-1695329770938.png
cdeter by L0 Member
  • 633 Views
  • 2 replies
  • 1 Likes

Cortex XDR External Alert Mapping rules

Hi community,

is there anybody who knows how External Alert mapping rules work in a case there is more than one of them?

Do you create an alert for every rule that was hit or is there some kind of precedence?

There is no mention in documentation.

Tha

...

Resolved! Events That Cortex XDR is Logging

Hi everyone,

Does anyone have a list or any reference to a document where I can see which logs Cortex XDR is gathering from a Windows endpoint? For example, to clearly know, that XDR is gathering all file event types, process creations, gathering even

...

mkuhelj by L0 Member
  • 433 Views
  • 1 replies
  • 0 Likes

Cortex XDR exclusions in McAfee/Trellix

Hi

 

We are currently deploying Cortex XDR as a managed service. However we have on-prem McAfee/Trellix which we are to keep. I've put in McAfee exclusion for "c$\Program Files\Palo Alto Networks". So anything in "Palo Alto Networks" and any subfolde

...

Resolved! XDR Resource IPs for Connectivity to XDR Server

Dear experts, 

 

From the following resource table, two json tables for GCP are provided (one for Google subnet and another for Google IP range associated with my region)

 

Question:

For the connectivity, do we need to allow all GCP IP range (in the

...

SeanDeHarris_0-1695019619119.png

Resolved! Agent v.7.9 Removed???

Hello experts,

 

From the matrix, v7.9 supposed to be the last version to support Win7, just found out 7.9 has been removed from the Agent installation while creating an installer. 

 

Do we need to "downgrade"/use much older v5.0 instead???  

 

 

 

...

SeanDeHarris_0-1694489642033.png
SeanDeHarris_1-1694489727014.png
  • 1735 Posts
  • 78 Subscriptions
Top Liked Authors