Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Changing Broker VM's internal network subnet

Hi all

Is there a way to change the internal network subnet through other means other than the webui?

The default 172.17.0.1/16 collides with the network this broker vm is on. We are having trouble accessing the webui but somehow we can ssh in. Wante

...

Resolved! Suppression of Incicent - Source Analytics

We are getting high number of false positives which are from source - XDR Analytics how do i suppress them?

This Incident count is affecting SLAs

BIOC Rule - CGO V/S Actor_process_image_name

I wanted to understand, if i want to see certain cmdline activities from "x" Process.

Want to know what will be more efficient putting the "x" process in "Causality_actor_process_image_name"

or in "actor_process_image" while creating a BIOC

Proofpoint TAP Integration - XQL Query Help

Has anyone worked with PP TAP integration and creating any useful XQL queries to help identify potential malicious mail that a user interacts with? As example:
Email was not determined "bad" initially but after some sandbox from PP, it is later class

...

Rollback feature for agent upgrade

Where can I find agent agent upgrade rollback plan for failed upgrades in cortex XDR?

XDR Agent Conenction Status : Connection Lost

Hello guys!

I was thinking about what happens to Cortex XDR agent showing connection status as Connection Lost . I know XDR agent who failed to communicate to Management console for past 30 days would go to connection lost.

My doubt is if XDR age

...

Query to detect any file/folder that are being hidden

Hi All,

Can someone please share the query to detect if any file or folder is being hidden?

Regards,

Shahwaz

HELP - XQL QUERY For XDR and XSOAR

Hi,

I am creating a playbook with the objective of integrating Cortex XSOAR and Cortex XDR .

The idea is for Cortex XSOAR to query Cortex XDR , retrieve all the assets detected by the broker scanner, and verify which assets do or do not have the

...

Cortex XDR

Hello, Is there any possibility that the customer may utilize Cortex XDR agent in two domains, taking into account that first one has tenant id, the other doesn't?

Thank you in advance.

Cortex XDR Agent Service Get Stopped.

Hello Guys!

Just wanted a clarification that once the Cortex XDR agent service : cyserver.exe get stopped due to any reason.

1.How the system service restarts again ?

2. How many or frequency of heartbeats does cortex xdr agent send to Cortex XDR

...

Difference between Detected and Detected (Reported)

I need to know the difference between both actions seen in alerts and if it's related to profiles configuratios(Block, Report Disabled). If it's set to Report, the action will appear like Detected (Reported) because it could be blocked?

Resolved! Microsoft Store Blocker

Dear,

Its it possible to block Micorsoft Store using cortex?

Linux RHEL kernel support isn't fast enough - problem

Hello,

After using Cortex XDR on Linux RHEL for several months, we've observed that the support turnaround time for new RHEL kernels (from RHEL 6 to 9) is highly unpredictable. This can range anywhere from 2 to 10 weeks. Without supported ker

...

Unable to add multiple folders in exclusion list

Hi Team,

Am unable to add multiple folders under Exception configuration page. I have 20+ folders which i need to exclude in Cortex XDR, i went to Exception Configuration-->Disable Prevention policy-->Add Rule. I have to do this each every time for e

...