Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

[Cortex XDR] - I Want to monitor the file creation, modification, removal, etc. under the specified path through the BIOC Rule.

Dear Everyone, I would like to use the XDR BIOC Rule to block the host from creating, editing, deleting, renaming, etc. files in specific file paths. I tried to write a BIOC Rule but found that it can't be successfully applied to the Restrictions profile, and there is no Alert generated due to the matching of this rule, does anyone know why it...

On-demand file Examination policy

Hi, I've got 3 questions. 1. I want to schedule a daily scan on servers with Cortex XDR. I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day, mapping them to the same servers, but some are being scanned and others are not. What might be the reason? 2. Also, for them to work do I have to always r...

jannette by L0 Member
  • 1248 Views
  • 1 reply
  • 0 Likes

Legacy Agent Exceptions or New menu??

Hi, what's your opinion? Legacy Agent Exceptions or Global Exceptions Menu?? What's the difference? Which one is better? Some support people suggest activating Legacy in Cortex XDR #, but I'm not sure if I should. Would I lose any of the settings already configured in the other menu?

tlmarques by L4 Transporter
  • 2006 Views
  • 3 replies
  • 0 Likes

Alert for Any PowerShell Script Execution in Cortex XDR

Hi Cortex XDR Community, I want to set up an alert in Cortex XDR that triggers whenever any user runs a PowerShell script. The alert should activate for any script or command executed in PowerShell, regardless of the user or specific script. Is there an existing rule or method to create such an alert for PowerShell usage? Any suggestions or exam...

Custom Parsing Rule - Cohesity

This was a fun project. Looks like it is mostly working correctly. Cohesity syslogs come in as a big blob in one field, so I messed with some parsing rules to give them their own datasets. The only known issue I'm seeing so far is that the logs get duplicated into the Cohesity "raw" dataset at the end; not sure how to fix that quite yet.

Scanning Linux host, only scans a portion of the FS

Hello there, I recently initiated a malware scan on a Linux host, and when I went to see the results it seems that it scanned only two dirs (/opt, /usr). Why is that the case? The host has more directories, of course, and there are multiple filesystems that are mounted on it. Lastly, I don't see any connection between the two.

Panagiss by L1 Bithead
  • 1182 Views
  • 2 replies
  • 0 Likes

Role based privileges

Dear Team, As per the client requirement, kindly suggest the role-based privileges that can be assigned to L1 and L2 users accordingly, where L1 is a lower-level engineer and L2 is above L1.

Powershell problem

Hi forum, I have a problem with PowerShell, specifically with the file located at C:\Program Files\Winget-AutoUpdate\winget-upgrade.ps1. When I restart the computer, Cortex sends an alert regarding winget-upgrade.ps1. I created a disable prevention rule, but it is not working. Here is the information I added: Files: C:\Windows\System32\Wind...

Resolved! Endpoints with Public IP

Hi All, looking for some help here on creating an XQL query to search for any endpoints that are assigned public IP addresses. I searched and didn't see anything in the Live Community that already speaks to this. I appreciate any support you can provide. Thank you, Joe

Cortex XDR AWS Marketplace

Hey, I've recently purchased Cortex XDR via the AWS Marketplace. I haven't gotten an email or indication that my Cortex XDR instance has been created or what its status is. Would love some help with this! Thanks, Itai

Resolved! Dump alert data Analysis

Does anyone know how we can and how we should analyze a dump file when we do a retrieve alert data on Cortex XDR # I have alerts related to memory dumps; normally the initiator is Excel, and 99% of the time I think the cause is an Excel crash or a file with macros/VBA inside. How can I check if the problem is a macro/VBA??

tlmarques by L4 Transporter
  • 1351 Views
  • 1 reply
  • 0 Likes

Unauthorized - 4010402

Hi Community, Has anyone encountered the "Unauthorized - 4010402" error when trying to log into their tenant account? I attempted to log in, but I received this message. Does anyone know what could be causing this issue or how to resolve it? Thanks in advance for your help!

Y.Zalsov by L1 Bithead
  • 1997 Views
  • 3 replies
  • 1 Like

Resolved! Cleanup endpoint and CVE List

Hi, I need your help to understand if there is an option on Cortex XDR to periodically clean up the endpoint list (for lost connections) and remove any vulnerabilities associated with those endpoints.

tlmarques by L4 Transporter
  • 1142 Views
  • 1 reply
  • 0 Likes