Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 1038 Views
  • 0 replies
  • 2 Likes

Alert "Script Activity - 245655498"

Hello everyone,
I just received this alert "Script Activity - 245655498" with this description "Suspicious script with keywords written in a non-standard way." in Cortex multiple times related to PowerShell script execution on a developer machine.

...

Tons of receptivity.io

I recently see a lot of my end machines hitting this domain: receptivity.io

Started (I don't even know, a week ago?). My logs can no longer go far enough back to figure it out.

Cause I dunno, MS Edge new tab? To hopefully remove the log entries I

...

Zewwy by L3 Networker
  • 3045 Views
  • 7 replies
  • 0 Likes

XDR Malware scan

Hi All,

We have a middle team that manages the end users, and we are planning to give them the process of scanning the endpoints. However, if an end user initiates a scan we are not getting the event on ACTION CENTRE, which makes it difficult to track

...

Resolved! Periodic scan of shared folders

I have a question about "Periodic scan".

Is it possible to periodically scan a shared folder mounted as a network disk by a Windows Server OS virtual machine?

The purpose is to periodically scan multiple shared folders (SMB).

Nobuya by L0 Member
  • 1009 Views
  • 1 reply
  • 0 Likes

Resolved! XQL Query / Alert Help

I'm trying to create a query / correlation rule to notify me if a certain number of connection attempts have hit a certain IP within 'x' amount of time. For example,

dataset = panw_ngfw_traffic_raw
| filter (dest_ip contains """xxx.xxx.xxx.xxx""")

...

egolovan by L0 Member
  • 1396 Views
  • 2 replies
  • 0 Likes

Ransomware isolation automation

Hi everyone.

Have XDR Pro. Looking for an "easy" way to automatically isolate a device when ransomware-like behaviors are detected. Looking through the automation configurations, it doesn't appear to be that easy. I obviously don't want to be isolati

...

Resolved! Sending Cortex XDR incidents to MS Teams

So, since XDR has only 3 options for forwarding alerts (email, syslog server and Slack), there is no straight method to push alerts to MS Teams. We've found a bypass, which is to create an email address for a Teams channel and then provide that email a

...

Resolved! Notification via Mail - Improvement

Hello!

Changes are coming with 3.11, but for improvement put this information directly into mail:

  • Source
  • Category
  • Action
  • Host
  • Username
  • Starred Alert
  • Excluded Alert
  • Alert ID
  • Incident ID
  • actor_process_image_path
  • actor_process_image_name
  • actor_process_command
...

RFeyertag by L4 Transporter
  • 2193 Views
  • 4 replies
  • 1 Likes

Disk space and usage

Hello,
If agent settings are configured at the default 5000 MB to allot for XDR agent logs, how many days would this be expected to cover? I.e., are there any rough figures on low to high usage devices, to get an estimate?
Looking at dataset use I estimat

...

Cortex XDR Host-Based Firewall

Hi Team,
I have a query regarding Cortex XDR's host firewall. We have enabled the host firewall on one machine in reporting mode for testing purposes. The configuration was successful, and we received host firewall events. We collected the detailed

...
