Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

HELP - XQL QUERY For XDR and XSOAR

Hi,

I am creating a playbook with the objective of integrating Cortex XSOAR and Cortex XDR .

The idea is for Cortex XSOAR to query Cortex XDR , retrieve all the assets detected by the broker scanner, and verify which assets do or do not have the

...

Cortex XDR

Hello, Is there any possibility that the customer may utilize Cortex XDR agent in two domains, taking into account that first one has tenant id, the other doesn't?

Thank you in advance.

Cortex XDR Agent Service Get Stopped.

Hello Guys!

Just wanted a clarification that once the Cortex XDR agent service : cyserver.exe get stopped due to any reason.

1.How the system service restarts again ?

2. How many or frequency of heartbeats does cortex xdr agent send to Cortex XDR

...

Difference between Detected and Detected (Reported)

I need to know the difference between both actions seen in alerts and if it's related to profiles configuratios(Block, Report Disabled). If it's set to Report, the action will appear like Detected (Reported) because it could be blocked?

Resolved! Microsoft Store Blocker

Dear,

Its it possible to block Micorsoft Store using cortex?

Linux RHEL kernel support isn't fast enough - problem

Hello,

After using Cortex XDR on Linux RHEL for several months, we've observed that the support turnaround time for new RHEL kernels (from RHEL 6 to 9) is highly unpredictable. This can range anywhere from 2 to 10 weeks. Without supported ker

...

Unable to add multiple folders in exclusion list

Hi Team,

Am unable to add multiple folders under Exception configuration page. I have 20+ folders which i need to exclude in Cortex XDR, i went to Exception Configuration-->Disable Prevention policy-->Add Rule. I have to do this each every time for e

...

Remove enopoint XDR Cortex

Can i remove XDR Agent from PC and i don*t have supervisor password for disable antitampering...

Endpoint are not showing in XDR Console...

please help, i have problems with cca 200pc

best regards...

Resolved! .csv format change

Hi,

I've just noticed this recently. A while ago when I added .csv file to a report, it was formatted with coma between columns. Now it is using a tab what cusses export to Excel more difficult. Is any setting which can be use to change it back?

Resolved! Vulnerable applications under Windows

Hello dear community,

is this now the long awaited feature, which gives us the possibility to have a CVE-scoring on Windows applications?

Rob

Resolved! Why Task Manager - Prompt the Alerts: Behavioral Threat

Dear All,

Do you know why the content updated, cannot open the task manager?

Cortex XDR

            "ruleId": "bioc.masqueraded_process_msft",
            "fileIdx": 0,
            "modules": [],
            "profile": "Malware",
            "sockets"

...

Resolved! Legacy agent exception and Disable prevention rule

What is the difference between Legacy agent exception and Disable prevention rules?

This was asked in another discussion but the answer does not resolve the question asked (https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/exception-and-e

...

Cortex XDR 3.10 and endpoint slowness

3.10 activated in our tenant yesterday and along with that, our endpoints started upgrading to 8.3 (we are one release behind the latest).

This morning we were deluged with calls about unresponsive endpoints.

We stopped the automatic endpoint upgra

...

XQL Question - Aggregation by field of type array is unsupported

I'm trying to run a query to get a count of how many times combinations of the values in "initiated_by" and "initiator_path" occur for an alert in the alerts dataset.

For example:

binary1.exe c:\temp\blah 6
binary2.exe c:\temp\blahblah 12

I'm trying to

...

Whitelist our backup software

Hello,
I do represent a company called Arx One. We have been publishing a backup software suite (backup agent, agent management console) for more than 15 years now and those software are installed on our customers' workstations, servers or NAS (Window

...

User

Count

User

Likes Count

2 Likes

1 Likes

Cortex XDR Discussions

Discussions