Our company just got this Cortex endpoint protection but it seems to me like it is just a endpoint management software that was able to detect a few malware. Anyone have experience with traps or cortex?
Currently, I can create one-off or scheduled queries for authentication data / events but not BIOC rules which isn't ideal because scheduled queries don't create incidents.
Is it on the roadmap to add this ability?
Thanks.
It'd be very useful for things like failed logons or network connection attempts if BIOC rules could utilise timeframes.
Is this on the roadmap?
It could work well if this was done in a similar way to NGFW → OBJECTS → Custom Objects → Vulnerability →
...
Hi Team, I am using create_incident API to create incidents. Below is the sample code. I can create an incident when I use "messages" as String. Basically, this is custom_fields and its data vary from incident to incident. Some incidents may have
...
Hi All
We are receiving large number of alerts in our cortex xdr console, The alert is as below, (hostname and user name I have kept as XYZ for privacy)
'Kernel Privilege Escalation' generated by XDR Agent detected on host XYZ involving user XYZ"
In
...
Hi community,
Can cortex detect and analyze .zip files with password and delivered via email?
After reading https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-release-notes/release-information/features-introduced/features-introduced-in-2020.html#ide2559432-5eb3-4f83-8e85-c4159aeed9ed → "MITRE Tags Enhancements", I retroactively ad
...
Hello Friends,
Does anyone knows how can we send the Mitre ATT&CK information/reference from Cortex XDR Alerts via Syslog?
The default configuration does not have this reference.
Hi all,
Has anyone ever had it where an agent will lose connectivity with the management console and will not reinstall afterwards?
I have an endpoint that lost connectivity with the console. Would not check back in. I removed it via the Control P
...
Hello,
We have just recently implemented Cortex XDR for endpoint protection and have a question about web filtering. Are there profiles/polices in Cortex XDR that can enable any web filtering features or is web filtering strictly a firewall feature?
...
Hello,
We are an existing Palo customer and we are moving to Cortex XDR for our Antivirus solution. In our current AV application we have groups for different clients based on exceptions or application for various reasons. It is very easy to create i
...
XDR Analytics BIOC
XDR BIOC
PAN NGFW
XDR IOC
XDR Analytics
XDR Managed Threat Hunting
XDR Agent
Hi Community,
Does Cortex XDR support to be installed on Windows 10 20h2?
Thanks!
Hi Community,
I am unable to upgrade the Traps agent from v5.0.x to 7.2 using the rule from XDR console. I have upgraded from 6.0. Not sure whether my antivirus is blocking it.
I can see the version is showing as upgraded in the console for a while th
...
