This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 760 Views
  • 0 replies
  • 2 Likes

Cortex XDR XQL Query


Hi, 
I wanna sort my query as operational_status in (UNPROTECTED, PARTIALLY_PROTECTED) everyday (Like from Monday to Sunday Statistics) 
My query looks like this 
config case_sensitive = false
| dataset = endpoints
| filter operational_status in (UNPROT

...

Resolved! LSASS creating a cache1.bin on appdata

We have an alert on 2 different device that LSASS is creating a cache1.bin on app data.

All are created by NT\SYSTEM

 

Location detected

C:\Users<my username>\AppData\Local\Microsoft\Windows\SFAP\cache1.bin

C:\Windows\ServiceProfiles\UIFlowService\Ap

...

Winget Command

Hello dear Community,

 

I have the following problem: I can’t use the Win-Get command on the XDR terminal in Cortex. Can someone help me to make this command executable on the PowerShell XDR terminal.

 

 

FRafuna_0-1723637086115.png
F.Rafuna by L0 Member
  • 1697 Views
  • 3 replies
  • 1 Likes

Cloud Identity Engine

Hi Community,

 

We have integrated the Cloud Identity Engine into the environment. Currently, the Palo Alto Hub page shows the Cloud Identity certificate expiring in a month.

 

We checked the Palo Alto article https://docs.paloaltonetworks.com/cloud-

...

Resolved! json_extract_array do not return result

I've got json like below and trying to extract each key_name via json_extract_array but getting empty column vendor

query is

dataset = host_inventory

| fields application as aps

| alter vendor = json_extract_array(to_json_string(aps),"$.key_name")

 

...

XDR Agent 8.5.0.2457 on macos 14.5

Hi community,

 

After my laptop upgrade to the last version of xdr agent i get the following:

 

Randomly the system looks as if it's loading and after a few seconds it's back to normal. the machine doesn't crash but the mouse keeps showing the hourgl

...

LEYA-DSI by L1 Bithead
  • 1236 Views
  • 4 replies
  • 0 Likes

Resolved! Cortex XDR Cloud Compliance

Hi Community,

 

We have enabled the Cortex XDR agent Cloud Compliance on certain Linux machines. The configuration was successfully completed, and the Cloud Compliance tab is visible. We are interested in retrieving the Cloud Compliance data using an

...

Alert "Script Activity - 245655498"

Hello everyone,

 

I just received this alert "Script Activity - 245655498" with this description "Suspicious script with keywords written in a non-standard way." in Cortex multiple times related to PowerShell script execution on a developer machine.

...

Tons of receptivity.io

I recently see a lot of my end machine shitting this domain: receptivity.io

 

Started (I dunno even know, a week ago?) My logs can no longer go far enough back to figure it out.

 

Cause I dunno, MS edge new tab? To hopefully remove the log entries I

...

Zewwy by L3 Networker
  • 2743 Views
  • 7 replies
  • 0 Likes
  • 2284 Posts
  • 86 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks