This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 741 Views
  • 0 replies
  • 2 Likes

Report XQL Bitlocker

Hello,

I created a report to display computers with Bitlocker that is not compliant :

config case_sensitive = false | dataset = endpoints | filter encryption_status = ENUM.APPLYING or encryption_status = ENUM.NOT_COMPLIANT | filter endpoint_type = EN...

lstaub by L0 Member
  • 1180 Views
  • 2 replies
  • 0 Likes

Parsing at Broker VM level

I'm using COLLECT parsing rule to manipulate data at broker VM level before ingestion

 Rule basically filters out on raw log that I generate specific to my test like some log line that contains text criticalevent along with some date and random machi

...

Fm12345 by L2 Linker
  • 908 Views
  • 1 replies
  • 0 Likes

Block APP

Dear,

 

I want to block an application, I configured it to block by the process, but when changing the name of the executable it also changes the name of the service as shown in the images. Would I be able to block it by the name that appears in the

...

Future of Cortex XDR

Hello dear community, 

 

we all now the future of SOC is Cortex XSIAM. 

What will happen to Cortex XDR in the future? I didn't see any planned new KI implementations into XDR. 

If you have more informations, please let me know.

 

BR

 

Rob

 

RFeyertag by L4 Transporter
  • 1319 Views
  • 2 replies
  • 0 Likes

Long Malware Scan time, normal?

hello all experts, 

 

I have encountered a long scanning time,  i launched a malware scan from console to isolated endpoint, the job was created at 15:30 and finished by 05:30 by next day.

 

Guessing when the job was created, either the agent was dis

...

Resolved! Changing Broker VM's internal network subnet

Hi all

Is there a way to change the internal network subnet through other means other than the webui?

The default 172.17.0.1/16 collides with the network this broker vm is on. We are having trouble accessing the webui but somehow we can ssh in. Wante

...

tmeksik by L2 Linker
  • 1696 Views
  • 1 replies
  • 0 Likes

BIOC Rule - CGO V/S Actor_process_image_name

Hi 

I wanted to understand, if i want to see certain cmdline activities from "x" Process.

Want to know what will be more efficient putting the "x" process in "Causality_actor_process_image_name"

or in "actor_process_image" while creating a BIOC

meanmach by L1 Bithead
  • 1778 Views
  • 2 replies
  • 0 Likes

Proofpoint TAP Integration - XQL Query Help

Has anyone worked with PP TAP integration and creating any useful XQL queries to help identify potential malicious mail that a user interacts with?  As example:
Email was not determined "bad" initially but after some sandbox from PP, it is later class

...

  • 2276 Posts
  • 86 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks