This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 590 Views
  • 0 replies
  • 2 Likes

Resolved! Periodic scan of shared folders

I have a question about "Periodic scan".

Is it possible to periodically scan a shared folder mounted as a network disk by a Windows Server OS virtual machine?

The purpose is to periodically scan multiple shared folders (SMB).

Nobuya by L0 Member
  • 832 Views
  • 1 replies
  • 0 Likes

Resolved! XQL Query / Alert Help

I'm trying to create a query / correlation rule to notify me if a certain number of connection attempts have hit a certain IP witihn 'x' amount of time. For example,

 

dataset = panw_ngfw_traffic_raw
| filter (dest_ip contains """xxx.xxx.xxx.xxx""")

...

egolovan by L0 Member
  • 1122 Views
  • 2 replies
  • 0 Likes

Ransomware isolation automation

Hi everyone.

Have XDR Pro. Looking for an "easy" way to automatically isolate a device when ransomware-like behaviors are detected. Looking through the automation configurations, it doesn't appear to be that easy. I obviously don't want to be isolati

...

Resolved! Sending Cortex XDR incidents to MS Teams

So, since XDR has only 3 options of forwarding alerts - email, syslog server and slack. There is no straight method to push alerts to MS Teams. We've found a bypass which is to create an email address for a teams channel and then provide that email a

...

Resolved! Notification via Mail - Improvement

Hello! 

 

Changes are coming with 3.11, but for improvement put this information directly into mail:

 

  • Source
  • Category
  • Action
  • Host
  • Username
  • Starred Alert
  • Excluded Alert
  • Alert ID
  • Incident ID
  • actor_process_image_path
  • actor_process_image_name
  • actor_process_command
...

RFeyertag by L4 Transporter
  • 1770 Views
  • 4 replies
  • 1 Likes

Disk space and usage

Hello, 
If Agent settings are configured at the default 5000mb to allot for XDR agent logs.

How many days would this be expected to cover - ie are there any rough figures on low - high usage devices, to get an estimate.
Looking at dataset use I estimat

...

Cortex XDR Host-Based Firewall

Hi Team,

 

I have a query regarding Cortex XDR's host firewall. We have enabled the host firewall on one machine in reporting mode for testing purposes. The configuration was successful, and we received host firewall events. We collected the detailed

...

Resolved! browsers extensions Alert

Hello dear community, 

 

I would like to see more rules which are containing everything about browser extensions. Like in chrome, "browser extension was created".

 

I know to manage chrome via GPO, but there are not always Active Directories and I wo

...

RFeyertag by L4 Transporter
  • 4007 Views
  • 4 replies
  • 0 Likes

Resolved! Cortex XDR XQL query

Hi Community,

 

I have a query regarding XQL. I have a list of over 100 approved application names available. How can I easily find the unapproved applications installed on machines, compared to the approved application versions?

Resolved! Cortex XDR Analytics BIOC Rules' Severity

I am writing to inquire about the procedure for modifying the severity levels of BIOCs (Behavioral Indicators of Compromise) within the Analytics module of Cortex XDR. Specifically, we are looking to understand how to create or adjust a custom rule w

...

  • 2255 Posts
  • 86 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks