Cortex XDR integrations

Is there a Macmon NAC integeration in Cortex XDR? Are there any experiences?

Cortex XDR Pro Web Control Feature?

How does Cortex XDR Pro provide Web Control to prevent end-users from accessing malicious sites? Are the AI and ML components of Cortex XDR leveraged in this situation to determine if a website is malicious/phish/spam/etc. or is there not any feature

WebEx.exe started being blocked and markete as malware.

Here in the past few days I noticed that when every someone tries to join a webex meeting it is being blocked and market as malware. Has anyone else experienced this.

Adding Process\file global exceptions in XDR

Hi, 

I want to add an exception for an in house app that the xdr keeps blocking. I tried adding a global exception as outlined here - https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/exceptions-security-profi

XQL Query in which I can know by country how many logins exist.

Good morning,

I am starting this conversation to request your support to create an XQL query for Cortex XDR in which I can know by country how many logins exist.

If you help me with the geolocation dashboard it would be great.

For example:

from the U

Need a clarity about CGO , Initiator details and Target details in XDR Alerts / Incident Section

I am facing difficult in understanding the concepts of CGO , Initiator and Target process details while Triaging alerts and Incidents.

According to Palo alto Admin guide. They have provided the below details.

CGO NAME : The name of the process th

License

Hello, 

I know that when we buy cortex xdr prevent and pro per GB license, it comes with default data lake. But we cannot access this data lake from HUBs as we did in the past. 

And, I know that we can but Data Lake for Prisma and IOTs. But I won

XQL query to pull USB plug-in statistic

Dear community,

I'm trying to generate the USB plug-in statistic to build case around it. Hence the following 2 XQL queries were built. The only issue is I'm not sure which one is the more accurate data as i found both results are not even close.
Do

How to pick up the trail when it stops at the domain controller?

Hello Community! 

Situation: We are seeing XDR incidents where NGFW detects something trying to reach out to malicious websites. This is automatically mitigated by dropping the connection on both ends, as it should. However, it seems this results in

Legacy Agent Exception

Hello, 

I have a file and when I run it, Cortex XDR blocks it and shows me some information:
"""

Application information:
Application name:  Windows Explorer
Application version:  10.0.22621.3007
Application publisher:  Microsoft Corporation
Process ID:  

Update hostname VDI Golden Image

Hi ,

we need change hostname on Golden Image VDI , it's necessary reinstall agent  Cortex XDR or exist some command to update this?