Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

No recepcion de eventos en Datacet

Good morning Question, is it possible to create a rule to detect when an XDR datacet is not ingesting events?

Query for formatted endpoints

Hello Dears,

Is it possible to write a query to get notified when endpoints are formatted?

Help with XDR Rest query

Hi,

I'm trying to query the Cortex REST API using this doc - https://live.paloaltonetworks.com/t5/cortex-xdr-articles/cortex-xdr-and-xsiam-postman-api-collection/ta-p/443667, but I keep receiving a

"Public API request unauthorized" message. I tried

...

Resolved! How to check ELA(Enhanced Application Logs)

We enable ELA on our NGFWs, forward logs to SLS, and also ingest the SLS logs into our XDR tenant.
Is there a way to verify in the XDR tenant or SLS that logs have been enriched by ELA?

Broker VM, local agent setting status indicator fluctuates between Green to Red

Hello,

Greetings

Can anyone confirm why does status indicator of Broker VM's Local agent setting keeps fluctuating. It keeps changing between "Connected to Connection Failed" also showing inaccessible URLS that are already whitelisted. Also the a

...

Resolved! Device Permanent Exceptions - Is There A Limit?

Hello-
Is there a limit to the number of devices that can be listed within the Permanent Exceptions? Endpoints -> Policy Management -> Extensions -> Device Permanent Exceptions

Thanks.

Cortex XDR - Solutions for log collection without an official integration

Has anyone found a good approach for collecting logs from an API when there isn't an official Cortex XDR integration? For example, Automox has released a Splunk and DataDog app, but the custom collection in Cortex XDR isn't a good fit. We use the B

...

Resolved! Cortex XDR Pro - Looking for Scheduled tasks by name in mass?

Hello dear community,

here is a script for searching specific scheduled tasks by name in mass. The search is via LIKE and wildcards are used.

import subprocess
import sys

def ScheduledTask(scheduler_name):
    # PowerShell-Befehl mit Where-Ob

...

Resolved! Keeping alive a program after closing Live Terminal

Hi everyone,

I'm using Live Terminal to upload/download Microfsoft's MSERT on potentially infected devices, which are isolated.

But, when running msert.exe via Live Terminal, it seems that the process is attached to my Live Terminal instance, meaning

...

Resolved! Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

Hi Community,

I’m facing an issue while trying to install Cortex XDR Agent (7.9-CE) on Windows 7 SP1 and Windows 2008 R2 SP1 systems. According to the compatibility documentation, these platforms are supported, but I’m encountering the following erro

...

Resolved! how remove softwares with XDR

Hello,
I've two questions.

First, I would like to know about your experience. How do you handle uninstalling software on specific devices that are not allowed and need to be removed via Cortex XDR without the user noticing?

The second question is: Is i

...

AWS CloudFormation preset template for Cortex XDR

Hi Cortex XDR community,

We are trying to set up Cortex XDR to ingest cloud assets from AWS. It mentioned that aws clouldformation stack needs to be created using preset Cortext XDR template. Where this template can be found? Is there a link to dow

...

Compare results in table to lookup?

I have a lookup with software names and want to use it to compare it to results from xdr_data using the fields actor_process_image_path which is the dir the software in installed in.

config case_sensitive = false
| dataset = xdr_data
| filter event

...

Resolved! Cortex XDR agent deletion after a period of time

Is there any way to delete Cortex XDR agents automatically after a period of connection lost, like 6 months or so? We have a server which was not used for nearly half a year, and our IT team says its agent was deleted without them knowing. Is it real

...

Resolved! Broker VM shown disconnected

Hi, our Broker VM is shown disconnected on XDR console. The VM is up and running and I can connect to it via SSH. It can connect to the paloaltonetworks.com domain as I can see the traffic on firewall. Version is 25.0.44. Even the last seen is today,

...

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

No recepcion de eventos en Datacet

Query for formatted endpoints

Help with XDR Rest query

Resolved! How to check ELA(Enhanced Application Logs)

Broker VM, local agent setting status indicator fluctuates between Green to Red

Resolved! Device Permanent Exceptions - Is There A Limit?

Cortex XDR - Solutions for log collection without an official integration

Resolved! Cortex XDR Pro - Looking for Scheduled tasks by name in mass?

Resolved! Keeping alive a program after closing Live Terminal

Resolved! Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

Resolved! how remove softwares with XDR

AWS CloudFormation preset template for Cortex XDR

Compare results in table to lookup?

Resolved! Cortex XDR agent deletion after a period of time

Resolved! Broker VM shown disconnected

Cortex XDR - API Automation

Cortex not allowing specific Bluetooth devices to connect

XDR Agent on CIE server

Regarding the End of Life for Broker VM

Stopped services Cortex 8.9.0.136780

Re: Cortex XDR - API Automation

XDR Agent on CIE server

Re: Exploits Protection interfering with browser launch

Re: Cortex not allowing specific Bluetooth devices to connect

Re: Installing Cortex Agent on Linux LXD

Unlock your full community experience!

Rules and Best Practices

Resolved! How to check ELA(Enhanced Application Logs)

Resolved! Device Permanent Exceptions - Is There A Limit?

Resolved! Cortex XDR Pro - Looking for Scheduled tasks by name in mass?

Resolved! Keeping alive a program after closing Live Terminal

Resolved! Cortex XDR Installation issue for Windows 7 SP1 and Windows 2008 R2 SP1

Resolved! how remove softwares with XDR

Resolved! Cortex XDR agent deletion after a period of time

Resolved! Broker VM shown disconnected