Resolved! Cancel bulk scanning in progress
How to cancel a bulk scanning initiated which is showing in progress state. Even "cancel for pending endpoint" is also no longer working.
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
How to cancel a bulk scanning initiated which is showing in progress state. Even "cancel for pending endpoint" is also no longer working.
Looking for a way to create a report that shows how long it is taking our analyst to close an incident. I have read elsewhere it is not possible since the data is not exposed to xql. Does anyone know how to create something that would show how long
...
After the installation of xdr 7.4.1, our domain controllers began crashing, and even after a reboot they would lock up. Has anyone had any issues with the 7.4.1 release on Windows Server 2012 R2?
Based on a Windows Dump, Microsoft reported the follo
...
My content question is, if something still on 7.9. and its no longer supported/ getting content updates, does that mean the virus definitions on the unit with 7.9 is not getting updates or is it more application updates?
Hello dear community,
what means Detected (Post Detected)?
In our case, we see pdfpower.exe incidents popping up, the user says he didn't download anything to the incident time.
I think, the agent is scanning the OS, when there is allready a quaran
...
Hi Everyone,
I was doing some research on Event IDs that are being gathered by Cortex XDR and I came to the conclusion that the Event ID needs to be enabled on the Windows first so XDR is being able to gather them.
XDR probably does not overrule th
We were reviewing the latest MITRE results and Palo Alto kicked butt! However, looking through the screenshots https://attackevals.mitre-engenuity.org/results/enterprise?vendor=paloaltonetworks&evaluation=turla&scenario=1 we don't have the same green
...
Hi community,
is there anybody who knows how External Alert mapping rules work in a case there is more than one of them?
Do you create an alert for every rule that was hit or is there some kind of precedence?
There is no mention in documentation.
Tha
...
Hi All.
There is a malware that is targeting the components of Cortex XDR, I checked the security advisories page from Palo Alto but did not find anything related to it.
Can someone help me find out if there's anything from PA regarding the same an
...
Hi everyone,
Does anyone have a list or any reference to a document where I can see which logs Cortex XDR is gathering from a Windows endpoint? For example, to clearly know, that XDR is gathering all file event types, process creations, gathering even
Hello there,
What is the purpose of this folder(C:\ProgramData\Cyvera\Ransomware) for Cyvera? Couldn't find even a mention for it so it decided to ask the community.
Thanks
Hi
We are currently deploying Cortex XDR as a managed service. However we have on-prem McAfee/Trellix which we are to keep. I've put in McAfee exclusion for "c$\Program Files\Palo Alto Networks". So anything in "Palo Alto Networks" and any subfolde
...
Hi,
I am adding an email as a IOC in Cortex XDR, but it is not being detected through O365 logs.
Could you help?
O365 log
fieldname : "sender"
data: "{"emailAddress":{"name":"XXXX","address":"xxxx@xpto.com"}}"
Regards,
Dear experts,
From the following resource table, two json tables for GCP are provided (one for Google subnet and another for Google IP range associated with my region)
Question:
For the connectivity, do we need to allow all GCP IP range (in the
...
Hello experts,
From the matrix, v7.9 supposed to be the last version to support Win7, just found out 7.9 has been removed from the Agent installation while creating an installer.
Do we need to "downgrade"/use much older v5.0 instead???
...
Subject | Likes |
---|---|
5 Likes | |
2 Likes | |
2 Likes | |
2 Likes | |
1 Like |