This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4402 Views
  • 0 replies
  • 3 Likes

Temporary Session installation type

We have a large Citrix farm with session hosts and non-persistent servers. We are using the TS_ENABLED=1 switch when installing the agent but the console is showing standard installation and not Temporary session. I am trying to figure out what the Cortex console looks at on the client to tell if it was a temporary session install. Is it a re...

File retrieval in user context

Hello, Is it possible to retrieve a file which is only accessible in user's context? I have an incident which user opened a file from a network mapped drive. That drive might not be accessible by anyone except for the user. Which user context is used when we initiate File retrieval via: 1. Cortex console or an agent script 2. Live terminal T...

Resolved! XQL - Time alteration

Hello,Here is the scenario:I have a table lookup looking for a specific event. dataset = xdr_data | filter event_type = SOME EVENT | alter TimeOfIntereset = _time Now I want to join this again with the dataset table to enrich it and perform further analysis based on the time. | join type = inner ( dataset = xdr_data | filter event_type = SOME...

XDR Collector DNS

Does anyone know if there is a native DNS collector, similar to the DHCP Collector Agent, for Cortex XDR ? My goal is to enrich XDR with more DNS-related information.

tlmarques by L4 Transporter
  • 1154 Views
  • 2 replies
  • 0 Likes

Mac Cortex XDR Upgrade causing Device Freezing

Hello, My organisation is currently running Cortex XDR 8.6.0 on Sequoia. We're finding that when performing upgrades of the application via the Console or by Jamf that the who device will freeze for 15+ seconds. We're in an environment where we're running both Cortex XDR and Defender (Real Time Protection enabled) and I think it's some sort ...

Resolved! XQL query for incident report

I like to get a hint how i can build simple xql query for overtime timeframe for incidents. I need to filter that data, but that kind report that i can show example monthly base report for customer. where there are data for each day

T.Nurmi by L2 Linker
  • 5870 Views
  • 8 replies
  • 0 Likes

Why there are no related alerts on scanned malicious files.

Hi, we have recently malware scanned an endpoint and upon checking the results, it appears that there were 3 malicious files on the host. Now, I tried to right click and view related alerts on the 3 malicious files and it just shows nothing. What's weird about this is it showing MD5 hashes on External ID field. I checked those hashes via Threat...

2023-06-10 15_39_58-Action Center - Cortex XDR.png
aaronquiamco_0-1686382887819.png

Zulu Time and Convert

so my goals is to convert a jsonextract of a few time stamps:I want to combine them and make a total hours. so start time and expiration time = how many hours total. I cant seem to get the time formatting from a string or I am doing something wrong { "key": "StartTime", "value": "2025-02-14T22:43:21.3182255Z" }, { "key": "Expi...

Resolved! Best way to detect endpoints that do not yet have Cortex XDR Agent installed

Hey guys, I am curious about if there is a way to find out which Endpoints in certain environment do not yet have XDR Agent installed.I still two options, but had no practical experience in testing it: 1. Directory Sync with Cortex XDR. Would it detect endpoints (which are in AD) that do not have XDR Agent yet installed?2. Pathfinder. Would Path...

DKasabji by L2 Linker
  • 18282 Views
  • 17 replies
  • 1 Likes

Creating a stacked bar chart using XQL

I am creating a stacked bar chart that shows the number of alerts per data source per day.Is it possible to display the data source in the displayed graph? The stacked bar I created shows the time.※Whatever I select for the X-axis will be displayed in a stacked graph. A reference image is attached. Cortex XDR

XQL query for vulnerability

Hi. i need to do monthly report for vulnerabilities. So how to create like a trend report for 30 days here is just example for get count, but how to do trend report? dataset = va_cves | filter severity >Medium| filter affected_hosts_count >1| fields name, affected_products, severity| comp count() by severity

T.Nurmi by L2 Linker
  • 1501 Views
  • 2 replies
  • 0 Likes

how to uninstall a package using rescue mode in Debian

my debian server crushed, wa are unable to acces the server(VM on OVH baremetal) using ssh(hard disc), we can usig rescue mode using the root user. after investigation we found that, it is a network problem due to Cortex, now my question is is there a way please using the rescue mode to unsitall coretx from the VM ? I have tried : dpkg -l | grep...

  • 2613 Posts
  • 98 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks