This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4421 Views
  • 0 replies
  • 3 Likes

custom scan with xdr agent for linux

Hi, i would like to know if it's possible to do a custom scan for a specific file like we can with the cortex agent for windows but i would like to do it for linux. I just see how to launch a global scan under linux but not a specific file. Thanks for your help Guillaume

Groche by L0 Member
  • 757 Views
  • 1 replies
  • 0 Likes

ERROR MESSAGE: This email is already registered with an account

Dear Team,I recently created some users, but I made some mistakes with data entry, so I deleted 1 user, leaving me with 2 users to be deleted. I would like to recreate the deleted user with the right information. But I'm experiencing some issues with error message "This mail is already registered with an account" Please i can i resolve this

A.Efobi by L0 Member
  • 1369 Views
  • 1 replies
  • 0 Likes

Cortex XDR on Windows 10 LTSC

Hello,We have not been able to install cortex XDR on a windows 10 LTSC machine. It starts to install but then fails. Is there a separate installation for Windows 10 LTSC machines?

M.Mills by L0 Member
  • 879 Views
  • 1 replies
  • 0 Likes

Split nested JSON

I have a field named "ModifiedProperties" and it has values like this below, I cant for the life of me figure out how XQL splits these up, Splunk uses SPAN or MVexpand and it works like a champ but i cant figure out what function does the same thing in XQL. THANK YOU! [ { "Name": "StrongAuthenticationRequirement", "NewValue": "[]", ...

Resolved! How to check powershell version at cortex XDR

Hi everyone, I'm a beginner of Cortex XDR. I need to confirm what devices have older versions of powershell installed and when I search for apps named powershell using host inventory I can only get 300+ results for powershell 7. I changed some keywords, i seems all other versions below powershell 7 are not searchable. And I tried to use quer...

Palo Alto Cortex IIS API Query

Hello Everyone, We ingest IIS logs by querying Cortex using a custom-built sensor utility. Recently, we've started encountering a NullPointerException. Upon investigating in our test environment, we found that the issue is related to a field in the query result that represents the API query cost, which we use internally for debug logging. P...

Cortex XDR Linux Agnet version 8.7.0.131661

Hi Team, We tried to install the XDR agent version 8.7.0.131661 on a Linux machine. The installation was successful, but the XDR services are all in a "stopped" status. We attempted to start all services using the command cytool runtime start all, but no error was found after entering this command. However, we still see that all services are i...

VSCode Very Slow with Cortex XDR installed

Hey all, We deployed Cortex XDR a few months ago and since then our developers have been very frustrated with the performance of VSCode. When VSCode is launched the Cortex XDR Service on the system spikes heavily with CPU usage, and VSCode takes an absolute age to start. If we disable protection with Cortex (or just uninstall), VSCode is sn...

JNester by L0 Member
  • 1486 Views
  • 2 replies
  • 0 Likes

Child(?) Broker VM Setup

We are a semi-isolated environment with no internet connectivity, and have a customer requirement of having minimal network traffic between our environment and one with internet connectivity. We are looking at implementing Cortex XDR on our environment, and tying into the Broker VM (Broker-A) that the internet connected environment utilizes. ...

aghesse by L0 Member
  • 782 Views
  • 1 replies
  • 0 Likes

cortex xdr custom xql query to view server operational status

hi, Most of the customer who uses paloalto cortex xdr want to visualize the server operational status in a dashboard in that case use below query as follows, "dataset = endpoints | filter operating_system contains "windows server" or operating_system contains "ubuntu" | fields endpoint_name as endpoint_name, operating_system as operating_syste...

The compliance violation dashboard is empty.

Good morning, team, I wanted to ask a technical question. We currently have five Linux hosts in our tenant, but when I log into the dashboard to see the compliance violations for these hosts, I don't see any information. To see the compliance violations on the Linux hosts, do I need to have a minimum number of hosts or meet some other requirem...

  • 2618 Posts
  • 98 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks