Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4322 Views
  • 0 replies
  • 3 Likes

Resolved! Cortex XDR on Windows blocks Ansible

Hello all, I'm trying to switch to Ansible for my Windows application deployments (among other things), but Cortex XDR blocks everything Ansible tries to do with a Behavioral Threat response (it works via powershell.exe -EncodedCommand). What are the best practices for using Ansible on an endpoint protected by Cortex XDR?

Cortex broker log collector in HA Active/Passive

Good morning, dear friends, I am facing the challenge of installing 2 broker VMs in HA (Active - Passive) as Log Collectors to receive logs from different data sources. My biggest concern and doubt is the configuration of the HA architecture of the 2 brokers since I read that a Load Balancer is required but I don't have much detail about it. ...

Upgrade Cortex XDR Agent VDI workstation through Console

Hi peeps, just checking: I've noticed today that I can initiate a Cortex agent upgrade for a VDI workstation through the console (from version 8.4.1 to 8.5.1). Even on the agent upgrade pop-up there's still a note saying "Note: VDI and Android agents cannot be upgraded." but I did it anyway and it worked. I also checked the docs, which also still me...

Resolved! Cortex XDR Linux agent virtual installation

Hi Team, we have a query regarding the installation of the Cortex XDR Linux agent on a virtual machine. We followed the steps mentioned in the document https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/8.4/Cortex-XDR-Agent-Administrator-Guide/Install-the-Cortex-XDR-agent-for-Linux and successfully installed it. We are facing an issue wh...

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

Hi, how can I check for the actions below in the XQL builder? Please help in developing a query. The attacker sends a DCE/RPC request to the victim server machine. The victim is triggered to send a DNS SRV query about SafeBreachLabs.pro. The attacker's DNS server responds with the attacker's hostname machine and LDAP port. The victim sends a broadca...

Resolved! Mass script endpoints

Hi everyone, does anyone know if it is possible to send a script to multiple devices? I've a Python msg script... I need to run this script on multiple machines/groups. How can I do that??

tlmarques by L4 Transporter
  • 1081 Views
  • 1 reply
  • 0 Likes

Cortex XDR Hardware Requirements

Hi All, below are the hardware requirements mentioned in the Palo Alto documentation to install Cortex XDR on a Linux machine. Could you please confirm whether the RAM (4Gb/8GB) and hard disk space (10GB) mentioned are needed as the total minimum RAM/hard disk space on the machine (which other apps/processes can also consume) or are required dedica...


How to Filter Alerts/Incidents by IP address?

I am trying to correlate exfiltration and port scanning incidents to identify patterns pertaining to a specific IP address, to build exceptions or exclusions for false positives. They are not our assets, but an IP we communicate with frequently. The filter dropdown doesn't show anything useful for this. I can't wrap my head around why they ...

Resolved! Increasing severity for certain critical hosts or visible tagging

Is there a way to make certain server hosts show as critical servers? We have a certain number of servers for which we'd like any incident related to them to automatically be a critical or high alert when XDR creates an incident for them. I've created, say, a "Critical Server" asset group and put servers in there, but how do I make any incident triggered automa...

C.Perez by L1 Bithead
  • 1932 Views
  • 3 replies
  • 0 Likes

XDR 8.2.1 on domain controllers keeps disconnecting from tenant

Hi all, we are observing this behaviour on some domain controllers where XDR agents lose connection to the tenant and the only way out is to remove them via the XDR cleaner and reinstall, only to fail again in a bunch of days. We are out of ideas; obviously no blocking is in place between the agents and the Palo Alto remote systems, and the servers are only acting as ...

Resolved! Cortex Windows vulnerability assessment

"A few months ago, I heard that Cortex only detected application vulnerabilities on Linux, but on Windows, it only detected OS vulnerabilities. Is this issue resolved now, and does Cortex detect application vulnerabilities on Windows?"
