Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Cortex XDR ARM Support still in Private Beta?

We have a lot of devices with ARM architecture and would like to start testing as soon as it's publicly available.

Any update on the timeline for general availability would be appreciated!

XQL removes endpoint CVEs and ALL information

I want to remove all information related to the endpoint "ABC". However, with the following xql query, it only removes cves that are exclusively associated with this endpoint. If a cves is associated with multiple endpoints, the affected_products, af

...

Malware Scans

Hello community.
Do you know what the “scanning complete” column in the malware scan results refers to? I see that in the values it shows 3 folders, does that mean that it only scans those 3 folders? I attach evidence

Role to access va_cves and va_endpoint datasets

Hi,
I need help creating a new role in the console that allows access via API to dump the data from the datasheets va_cves and va_endpoints. Could you help me?
Best regards.

Cortex XDR on Citrix non-persistent multi-user server

Hi community

Quite often we have issues with cortex xdr on citrix infrastructure. Currently meinly with windows server 2022 we are in the situation where it is not possible to run cortex at all because of possibel servercrashes which are not yet anal

...

Resolved! Modification of default scoring for Alert-->Malware--Suspicious Executable Detected

I am looking for a way to modify the severity score for the alert in category Malware, named Suspicious Executable Detected. By default, this stamps the alert with a MEDIUM severity and therefore creates an Incident with that Severity. I would like t

...

Question about folder exclusion

Hello Palo Live Community.

I need to exclude a folder along with all its subfolders and files of any type. To do this, I set up a rule similar to the following:
C:\Program Files (x86)\folder\*
However, I keep getting alerts about suspicious files insid

...

Email alert when a device checks in?

Hello,

Can XDR send an email when a specific device checks in?

Thanks!

Resolved! Automatic Artifact Analysis in Forensic Investigation

I have created and conducted some forensic cases on Cortex XDR, but one thing that has always intrigued me is the "Alert" tab in the Forensic Investigation section. Does this tab contain alerts generated by the automatic artifact analysis feature bas

...

Resolved! XTH licence allocation

We came to a conclusion that only handful of endpoints would benefit from the extra telemetries that add-on is collecting thus we do not want to purchase the add-on for the entire fleet.

Is it possible to allocate XTH add-on only on endpoints that

...

Resolved! Vulnerability Assessment Cortex XDR

I see there are two datasets regarding vulnerability assessment in Cortex XDR "va_cves" and "va_endpoints" dataset. What is the difference between these two? Also is there some dataset or anything in Cortex XDR that I can use to find out if a CVE vu

...

Cortex xdr agent certificate

Hi all,

I have some doubts regarding the Cortex XDR agent certificate. I have gone through multiple blogs, which provided some insights, but I am still unable to see the complete picture. Below are the key facts I have gathered so far:

New Certifica

...

Resolved! Appcrash Windows event log entry for "cyinjct.dll"

Hello,

I'm wondering if anyone ever had this problem. Appcrash event is occurring for "cyinjct.dll":

Host: Windows Server 2019

Cortex Agent version: 8.7.0.7735

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provi

...

[Cortex XDR] - I Want to monitor the file creation, modification, removal, etc. under the specified path through the BIOC Rule.

Dear Everyone,

I would like to use the XDR BIOC Rule to block the host from creating, editing, deleting, renaming, etc. files in specific file paths.

I tried to write a BIOC Rule but found that it can't be successfully applied to the Restrictions p

...

On-demand file Examination policy

Hi,

I've got 3 questions.
1. I want to schedule a daily scan on servers with cortex xdr, I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day mapping them to the same servers but some are bein

...

User

Likes Count

12 Likes

8 Likes

4 Likes

2 Likes

Cortex XDR Discussions

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Resolved! Cortex XDR ARM Support still in Private Beta?

XQL removes endpoint CVEs and ALL information

Malware Scans

Role to access va_cves and va_endpoint datasets

Cortex XDR on Citrix non-persistent multi-user server

Resolved! Modification of default scoring for Alert-->Malware--Suspicious Executable Detected

Question about folder exclusion

Email alert when a device checks in?

Resolved! Automatic Artifact Analysis in Forensic Investigation

Resolved! XTH licence allocation

Resolved! Vulnerability Assessment Cortex XDR

Cortex xdr agent certificate

Resolved! Appcrash Windows event log entry for "cyinjct.dll"

[Cortex XDR] - I Want to monitor the file creation, modification, removal, etc. under the specified path through the BIOC Rule.

On-demand file Examination policy

XQL Creation time filter

Vulnerabilities Over Time Dashboard - Cortex

Join two datasets and count how many times a host appears, even if zero

Vulnerability Assessment Cortex XDR

Cortex XDR XQL query to get list of all vulnerabilities

Re: Cortex XDR XQL query to get list of all vulnerabilities

Re: Join two datasets and count how many times a host appears, even if zero

Re: Broker VM and direct connection

Re: Cortex XDR Deletion

Re: VMWare tools (vmtoolsd.exe) - Masquerading - 4203898100

Unlock your full community experience!

Cortex XDR Discussions

Rules and Best Practices

Resolved! Cortex XDR ARM Support still in Private Beta?

Resolved! Modification of default scoring for Alert-->Malware--Suspicious Executable Detected

Resolved! Automatic Artifact Analysis in Forensic Investigation

Resolved! XTH licence allocation

Resolved! Vulnerability Assessment Cortex XDR

Resolved! Appcrash Windows event log entry for "cyinjct.dll"