Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.

Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4383 Views
  • 0 replies
  • 3 Likes

Child(?) Broker VM Setup

We are a semi-isolated environment with no internet connectivity, and have a customer requirement of having minimal network traffic between our environment and one with internet connectivity. We are looking at implementing Cortex XDR on our environment, and tying into the Broker VM (Broker-A) that the internet connected environment utilizes. ...

aghesse by L0 Member
  • 763 Views
  • 1 reply
  • 0 Likes

cortex xdr custom xql query to view server operational status

Hi, most of the customers who use Palo Alto Cortex XDR want to visualize the server operational status in a dashboard; in that case, use the query below: "dataset = endpoints | filter operating_system contains "windows server" or operating_system contains "ubuntu" | fields endpoint_name as endpoint_name, operating_system as operating_syste...

The compliance violation dashboard is empty.

Good morning, team, I wanted to ask a technical question. We currently have five Linux hosts in our tenant, but when I log into the dashboard to see the compliance violations for these hosts, I don't see any information. To see the compliance violations on the Linux hosts, do I need to have a minimum number of hosts or meet some other requirem...

Dashboard refresh time

Hi, I have noticed that Cortex XDR is not refreshing dashboards on its own and requires pressing the refresh button. Is it possible to set the refresh time somewhere in the configuration settings?

How to Filter Incidents by Creation Time in XQL Within a Specific Timeframe?

I need to write an XQL query for a fortnightly report. The query I currently use is shown below, but it's incorrect for my purpose: config timeframe between "2025-03-01 00:00:00 +0000" and "2025-03-15 23:59:59 +0000" | dataset = incidents | filter status in (ENUM.RESOLVED_FALSE_POSITIVE, ENUM.RESOLVED_TRUE_POSITIVE) Although I have defined t...

Chamindu by L1 Bithead
  • 1788 Views
  • 2 replies
  • 0 Likes

get_incidents filter by status question

Hi all! I see the docs (https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-all-Incidents) for get_incidents lists only eq/neq operators for the field 'status' and when implementing a new filter model for this endpoint I noticed we are successfully using the 'in' operator: {'field': 'status', 'operator': 'in', 'value': ['new', '...

Cortex XDR-Extensions Policy Rules

Hello Everyone, we have a policy management in the extension policy rules to block USB in the workstation. Now we find an issue with Samsung mobile: when the device is connected and mass storage is allowed, it skips the policy and for some reason it is not being applied; for the rest of the devices (Apple, Xiaomi, Pixel) these are blocked. I ...

Bitlocker + Intune + XDR

Good morning everybody, I would like to ask you about the Disk Encryption Visibility tab in Cortex XDR. When the endpoint is managed by Microsoft Intune and the BitLocker function is also managed from there, I would like to see a proper Encryption status: Compliant. Or find a way to match settings done by Intune and have them properly detected by XD...

High Memory Usage Due to Cortex Telemetry Backlog

I'm experiencing high memory usage issues on some endpoints, and about 99% of it appears to be caused by Cortex. Why does this happen? Cortex consumes telemetry in real time. However, if it fails to send the telemetry from the machine to the Cortex gateway (for various reasons), it accumulates the data locally and then sends it all at once. This ...

cvrsilva by L1 Bithead
  • 1761 Views
  • 3 replies
  • 0 Likes

Rule hidden_imgs

Hello Everyone, the Cortex agent is blocking a legitimate file which is hidden. What is the solution for this? The alarm is also not generated in Cortex XDR. Thanks for your help

Resolved! Cortex XDR along with Defender for endpoint Compatibility

Does anyone have a list of guidelines to follow when running Cortex XDR (Report mode) in parallel with Defender (active mode) for workstations as well as servers? Do I need to do any exclusions/whitelisting? Do I need to disable any features in XDR to prevent issues? In the XDR compatibility matrix https://docs-cortex.paloaltonetworks.com/r/Cortex...
