This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 271 Views
  • 0 replies
  • 2 Likes

XDR Agent Auto Upgrade installer has timed out.

Hi everyone,

 

I have a customer who has configured the automatic upgrade of XDR Agent, when the new version is released, only a small number of Agents have completed the upgrade, a large number of Linux hosts have failed to upgrade, and the Last Upg

...

yuyangab by L1 Bithead
  • 1502 Views
  • 4 replies
  • 0 Likes

Resolved! Does Cortex XDR support encrypted macros?

Getting this Office warning when trying to open a file containing an encrypted macro.  Are they supported?  If they are then why does the MS Windows Antivirus API incorrectly report?

The host has Cortex XDR Agent 8.6.1 installed.

 

DanRoberts_0-1738314316381.png

Resolved! XQL query for incident report

I like to get a hint how i can build simple xql query for  overtime timeframe for incidents. I need to filter that data, but that kind report that i can show example monthly base report for customer. where there are data for each day

T.Nurmi by L1 Bithead
  • 916 Views
  • 7 replies
  • 0 Likes

XDR Grafana Auth error

Hi everyone,

 

i need your help, i've see all posts related with grafana and Cortex XDR and i've one problem.

 

When i try authenticate with API , using postman, and set enviroment, the post for get endpoints works...but grafana not work.

 

but when

...

tlmarques by L4 Transporter
  • 227 Views
  • 1 replies
  • 0 Likes

Unable to retrive downloaded exe's

Hello everyone,

 

I was trying to check all the downloaded exe's via firewall on all the endpoints in past 24hrs. I tried retrieving all downloaded exe's in downloads folder with the help of this query below. 

dataset = xdr_data
| filter event_type =

...

XDR & Java installs

With the upcoming Oracle Java license changes, I'm looking into using XQL to report on existing installs, and potentially a process based BIOC to block new installs which would incur a licensing fee. 

Anyone familiar with Java know how to differentiat

...

SearchHost.exe

Hello Everyone,

 

I am new to Cortex XDR. I wanted to ask what is searchHost.exe? and if it is safe when it generates alarm (level Medium) in Cortex XDR? If not then any recommendations?

 

Thanks

USB protection exeption for ClickShare usb Device

Hello everybody,

 

if we block USB Drives/Windows drives our ClickShare (USB Screen Share Dongle) devices also get blocked.

But they don´t appear in the "Device Control Violations" list so we can´t exclude them from blocking. 

We tried to exlude the

...

D.Meyer by L1 Bithead
  • 1222 Views
  • 8 replies
  • 0 Likes

Resolved! Basic questions to host firewall

Hello dear community, 

 

what is the correct setting for disabling the management of host firewall through Cortex XDR? Why do I wan't that? Because I need to get the windows firewall running through GPOs. Host firewall from PA Cortex is not suitable

...

RFeyertag_0-1735955355407.png
RFeyertag by L4 Transporter
  • 573 Views
  • 2 replies
  • 0 Likes
  • 2152 Posts
  • 83 Subscriptions
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks