Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! afficher un message via un script python sur les endpoints isolés

bonjour,

je souhaiterais afficher un message sur l'écran des postes isolés, cependant le module python " tkinter" ne fait pas partie des modules disponibles pour les scripts exécutés par le XDR Cortex.

auriez-vous une solution ?

Merci.

How to Effectively Restrict Specific Files Across All Locations in Cortex XDR?

I am facing a challenge in Cortex XDR regarding file restrictions. When we need to block a specific file on endpoints, we add its file path to the restriction profile. This effectively blocks users from accessing or opening the file in the specified

...

Resolved! Difference xdr_login_events and authentication_story

Does anyone know the difference between the preset xdr_login_events and authentication_story?

Which datasets are these presets based on?

I can't find any documentation about the preset xdr_login_events

Thanks in advance

Resolved! How to change password expiration for Users in Cortex XDR?

Dear Team,

We want to change the password expiration of all the users in our tenant to some specific weeks.

Is it possible from CSP or Cortex Web Console?

Regards,

Atul

Managing Updates (Content & Agent Upgrades)

Hello dear community,

I have a few questions how did you implemented your staging in Cortex XDR? Or did you say, no we trust PA and do not delay the content updates?

It is all about these two categories in the agent settings:

Content Auto-Up

...

cortex agent update failed ：Insufficient log content.

Hello guys， cortex agent update failed,current version 8.4.1.53273 and target version is 8.5.0.624. The addititioan data display: Insufficient log content. Has anyone ever been in such a situation? How to solve it?

Dashboard Computers Active Directory x Cortex

dear,
Is it possible to create a dashboard that lists the machines in my ad and says which ones have Cortex installed?

Resolved! Cortex XDR agent SAP HANA

Hello everyone,

does anybody know if the Cortex XDR agent for Linux systems is officially certified for SAP HANA environments (Redhead) ?

Are there any documentations about this? Haven´t found anything to this.

Thanks and regards,

Tobias

XDR grouping

Hi Guys,

In palaalto endpoint grouping

what is static grouping
What is dynamic grouping

Where this scenario works with example

Resolved! Incorrect Endpoint Type Reporting in Cortex for Ubuntu 24.04 LTS Machine

Hi Team,

The Cortex endpoint type is reporting incorrectly for one of the Ubuntu 24.04 LTS machines. It is a workstation, but it is being reported as a server in Cortex. Is there an option to change this directly in the Cortex console, or is there an

...

No recepcion de eventos en Datacet

Good morning Question, is it possible to create a rule to detect when an XDR datacet is not ingesting events?

Query for formatted endpoints

Hello Dears,

Is it possible to write a query to get notified when endpoints are formatted?

Help with XDR Rest query

Hi,

I'm trying to query the Cortex REST API using this doc - https://live.paloaltonetworks.com/t5/cortex-xdr-articles/cortex-xdr-and-xsiam-postman-api-collection/ta-p/443667, but I keep receiving a

"Public API request unauthorized" message. I tried

...

Resolved! How to check ELA(Enhanced Application Logs)

We enable ELA on our NGFWs, forward logs to SLS, and also ingest the SLS logs into our XDR tenant.
Is there a way to verify in the XDR tenant or SLS that logs have been enriched by ELA?

Broker VM, local agent setting status indicator fluctuates between Green to Red

Hello,

Greetings

Can anyone confirm why does status indicator of Broker VM's Local agent setting keeps fluctuating. It keeps changing between "Connected to Connection Failed" also showing inaccessible URLS that are already whitelisted. Also the a

...

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Resolved! afficher un message via un script python sur les endpoints isolés

How to Effectively Restrict Specific Files Across All Locations in Cortex XDR?

Resolved! Difference xdr_login_events and authentication_story

Resolved! How to change password expiration for Users in Cortex XDR?

Managing Updates (Content & Agent Upgrades)

cortex agent update failed ：Insufficient log content.

Dashboard Computers Active Directory x Cortex

Resolved! Cortex XDR agent SAP HANA

XDR grouping

Resolved! Incorrect Endpoint Type Reporting in Cortex for Ubuntu 24.04 LTS Machine

No recepcion de eventos en Datacet

Query for formatted endpoints

Help with XDR Rest query

Resolved! How to check ELA(Enhanced Application Logs)

Broker VM, local agent setting status indicator fluctuates between Green to Red

Cortex XDR - API Automation

Cortex not allowing specific Bluetooth devices to connect

XDR Agent on CIE server

Regarding the End of Life for Broker VM

Stopped services Cortex 8.9.0.136780

Re: Cortex XDR - API Automation

XDR Agent on CIE server

Re: Exploits Protection interfering with browser launch

Re: monitor command line on powershell or cmd with XQL

Re: Cortex not allowing specific Bluetooth devices to connect

Unlock your full community experience!

Rules and Best Practices

Resolved! afficher un message via un script python sur les endpoints isolés

Resolved! Difference xdr_login_events and authentication_story

Resolved! How to change password expiration for Users in Cortex XDR?

Resolved! Cortex XDR agent SAP HANA

Resolved! Incorrect Endpoint Type Reporting in Cortex for Ubuntu 24.04 LTS Machine

Resolved! How to check ELA(Enhanced Application Logs)