Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions


Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4396 Views
  • 0 replies
  • 3 Likes

Clean up Tags list

Hello All, I want to clean up my tags list, because some of the old tags that we used are not needed any more. We don't have active devices with tags that I want to remove. Any idea from where I can do that? Regards, Vasil

Resolved! Windows 11 security features

We are in the process of testing/implementing Windows 11 OS on endpoints and noticed upgraded security features that are available to toggle on. Some of these protection features are already within the Cortex policies. If we toggled these features on, would any of them interfere with the Cortex agent or its protection policies? Windows 11 Pro...


Anti-tampering Protection

Hello, I got an incident with Anti-tampering protection which was blocked. I reviewed the alert by CMD C:\WINDOWS\system32\svchost.exe -k GPSvcGroup. Is it a false positive? Any ideas? Cortex XDR

Security Channel Subscription Errors

Team, While trying to collect logs from Windows, one channel that is consistently resulting in errors is the Security channel. System and Application work just fine, eliminating any possibility of connectivity or authentication issues. It is the Security channel that is causing issues and not sending logs to XDR. I know it is too broad a question. Giv...

Cortex XDR Query for USB/External Drive Usage

Hi Family Good morning. I am trying to filter the timeframe when a user last connected a USB flash drive or external hard drive using a Cortex XDR query. However, the following query did not return the expected results: dataset = xdr_data | filter event_type = device and event_sub_type = DEVICE_PLUG I would like to retrieve details ...

Issues with Mass Uninstallation of Cortex XDR Agents via SCCM

Cortex XDR sometimes has these stubborn machines that refuse to upgrade to the latest versions. What are ways you use to alleviate this issue? Mine is SCCM. I am trying to automate the mass uninstallation of older versions of Cortex XDR agents via SCCM on hundreds of Windows clients. The issue I’m encountering is related to password handling dur...

V.Wokili by L0 Member
  • 2353 Views
  • 2 replies
  • 0 Likes

Resolved! XQL chart editor

Hi. I'm just a little stuck... config timeframe = 1y|dataset= incidents|filter (status in (ENUM.RESOLVED_FALSE_POSITIVE,RESOLVED_AUTO_RESOLVE))|fields creation_time ,status|alter month = format_timestamp("%m",creation_time )|sort asc month|comp count(status ) as total_auto_resolved_inc_month by month,status| view graph type = column subtype = gr...

T.Nurmi by L2 Linker
  • 1939 Views
  • 1 replies
  • 0 Likes

Resolved! Post detected by Wildfire

Hello dear community, what does Detected (Post Detected) mean? In our case, we see pdfpower.exe incidents popping up; the user says he didn't download anything at the incident time. I think the agent is scanning the OS when there is already a quarantine or blacklist entry? What do you think? BR Rob

RFeyertag by L4 Transporter
  • 15370 Views
  • 9 replies
  • 0 Likes

How to (temporarily) disable security in Cortex XDR to be able to update the client from outside the Console

Hello team, We need to know how to disable (temporarily) the security in Cortex XDR to be able to update the client from outside the Console. The updates from the console are causing us blue screens and we want to test it using scripts when shutting down the computers (Shutdown policies). Can you tell us how to do it? Regards

Alpalo by L4 Transporter
  • 3751 Views
  • 3 replies
  • 0 Likes

Cortex host insight Vulnerability Assessment average severity score

Trying to find an XQL query that will take all of our severity scores, give us an average and send that to a report. I can't seem to find the dataset. Not very good with XQL at this time; maybe someone from the community can help. dataset = host_inventory | filter 0 is not null and array_length(vulnerabilities) > 0 | alter vulnerability_scores = arra...

TCoffey2 by L0 Member
  • 1132 Views
  • 2 replies
  • 0 Likes

XQL query time setting

Hi! I want to make a report that generates every month and contains the previous month's data. My problem is that I cannot make it be created on the first day of the month. So I tried to make the XQL query work with the previous month's data. I got stuck there. Does anybody know how to do it? Thanks Cortex XDR

Temporary Session installation type

We have a large Citrix farm with session hosts and non-persistent servers. We are using the TS_ENABLED=1 switch when installing the agent but the console is showing standard installation and not Temporary session. I am trying to figure out what the Cortex console looks at on the client to tell if it was a temporary session install. Is it a re...
