Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

FTP Transfer Custom BIOC

Hello Palo Alto LiveCommunity, I’m currently working on a task where I need to create a custom BIOC (Behavioral Indicator of Compromise) and add it to a restriction profile to block FTP command lines. Specifically, I want to prevent FTP-related commands from being executed by monitoring and restricting certain patterns. I also need help with...

LSA Protection and antimalware DLL loading

We currently have deployed LSA Protection and code integrity in Windows 11 (build 24H2). Cortex XDR agent 8.6.0 is installed. When trying to load a DLL from another security tool (Ivanti Device and Application Control), Code Integrity is blocking the action with the following error: Code Integrity determined that a process (\Device\HarddiskVol...

USB drive Alert

Kindly, we need your support. I want to get an alert when a USB drive is connected to a workstation and not blocked by Symantec AV. I have tried several times with a correlation rule. I found an XQL query very effective, and it is as follows: config case_sensitive = false | preset = device_control | filter event_sub_type = ENU...

Receiving unwanted notification from Cortex XDR on iOS

Dear all, kindly note that when exiting the Cortex XDR app we always receive the notification: "Cortex XDR: App terminated! The agent is not running. Tap to open the Cortex XDR app and leave it running in the background" (an image is also attached to this thread). I need your urgent support to disable or deny receiving such notifications.

Resolved! Forensic investigations for Linux platform

The Forensic investigations feature in Cortex XDR truly impressed me; it saves me a lot of time collecting evidence during investigations. But why does Cortex XDR only support Forensic investigations for two platforms, Windows and macOS? Windows is common, but why macOS, and not Linux and its popular distributions like Red Hat, CentOS, Ubuntu? Mo...

Install Cortex Agent on on-prem k8s

Hello, does anyone have experience installing the XDR agent on an on-prem cluster with Docker installed? The agent compatibility matrix mentions that XDR version 8.6 is supported: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Compatibility-Matrix/Kubernetes-platforms-supported-with-Cortex-XDR However, the agent installation guide only Clo...

Unable to install Cortex XDR agent!

We are encountering an error during the installation of the Cortex XDR agent on one of the machines. "Cortex xdr requires rollback/Commit to be enabled" Could you kindly provide the solution to resolve this issue? Cortex XDR

AAlsaadi by L1 Bithead
  • 2058 Views
  • 2 replies
  • 0 Likes

Difference between system reboot and agent services off

Hi, we have to configure 3 alerts that are sent via email. Condition 1: When Cortex agent services are stopped, then raise an alert via email. Condition 2: When a system is powered off/turned off, then wait for 10 minutes; if the system does not come back to Powered On status, then raise an alert via email. Condition: When there are 10/20 system...

I.Naseer by L1 Bithead
  • 863 Views
  • 1 reply
  • 0 Likes

Resolved! Cortex XDR on Windows blocks Ansible

Hello all, I'm trying to switch to Ansible for my Windows application deployments (among other things), but Cortex XDR blocks everything Ansible tries to do with a Behavioral Threat response (it works via powershell.exe -EncodedCommand). What are the best practices for using Ansible on an endpoint protected by Cortex XDR?
