This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4392 Views
  • 0 replies
  • 3 Likes

Resolved! Does Cortex XDR support encrypted macros?

Getting this Office warning when trying to open a file containing an encrypted macro. Are they supported? If they are then why does the MS Windows Antivirus API incorrectly report? The host has Cortex XDR Agent 8.6.1 installed.

DanRoberts_0-1738314316381.png

XDR Grafana Auth error

Hi everyone, i need your help, i've see all posts related with grafana and Cortex XDR and i've one problem. When i try authenticate with API , using postman, and set enviroment, the post for get endpoints works...but grafana not work. but when i not use the enviroment variables, and force only the flags one header, the system not work (usi...

tlmarques by L4 Transporter
  • 914 Views
  • 1 replies
  • 0 Likes

Unable to retrive downloaded exe's

Hello everyone, I was trying to check all the downloaded exe's via firewall on all the endpoints in past 24hrs. I tried retrieving all downloaded exe's in downloads folder with the help of this query below. dataset = xdr_data | filter event_type = ENUM.FILE | filter action_file_path contains "Downloads" and action_file_path contains "C:\Users...

XDR & Java installs

With the upcoming Oracle Java license changes, I'm looking into using XQL to report on existing installs, and potentially a process based BIOC to block new installs which would incur a licensing fee. Anyone familiar with Java know how to differentiate between openJDK installs and OracleJDK installs?

SearchHost.exe

Hello Everyone, I am new to Cortex XDR. I wanted to ask what is searchHost.exe? and if it is safe when it generates alarm (level Medium) in Cortex XDR? If not then any recommendations? Thanks

Uninstall Cortex XDR Agents from endpoints programmatically

Hi, I would like to programmatically uninstall agents from endpoints but are running into dead ends. Currently, based on the documentation (https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Uninstall-the-Cortex-XDR-Agent), we are only able to uninstall the agent via the Action Center or Endpoints page. ...

USB protection exeption for ClickShare usb Device

Hello everybody, if we block USB Drives/Windows drives our ClickShare (USB Screen Share Dongle) devices also get blocked. But they don´t appear in the "Device Control Violations" list so we can´t exclude them from blocking. We tried to exlude the path for the *.exe on the ClickShare but this seems not to work. How can we exlude these ClickS...

D.Meyer by L1 Bithead
  • 4333 Views
  • 8 replies
  • 0 Likes

Resolved! Basic questions to host firewall

Hello dear community, what is the correct setting for disabling the management of host firewall through Cortex XDR? Why do I wan't that? Because I need to get the windows firewall running through GPOs. Host firewall from PA Cortex is not suitable for agents having public IP on their SIM network card. What do I need to set up in the extensi...

RFeyertag_0-1735955355407.png
RFeyertag by L4 Transporter
  • 1628 Views
  • 2 replies
  • 0 Likes

Directories CIEE x Cortex

dear, I have two directories in the cie, but in the cortex in the preset function it only brings the old one, not the newer one. How can I do it in Cortex so that it only brings information from the new directory?

  • 2611 Posts
  • 98 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks