Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Resolved! Automation rules

Hi all!


Still fairly new to Cortex XDR. Currently trying to make some sensible alert automation rules.
I have a specifik alert that puzzles me. I get some "FTH/SSH client reads office files" alerts. I have a legitimate use case for this, so I want to

...

Allan_Holdt_0-1700558668197.png
aholdt by L1 Bithead
  • 967 Views
  • 2 replies
  • 0 Likes

Scaning files for malware

Is it possible to use Cortex XDR to analyse malicious Microsoft Office files, such as Word, Excel and PowerPoint documents? If I right click on Office file and choose Scan with Cortex XDR will Cortex check if that file is not used for delivering malw

...

Sedlacek by L0 Member
  • 864 Views
  • 2 replies
  • 0 Likes

Cortex XDR Generate Alert when Device is Online

There's many situations where it would be convenient to receive a notification when a device is online.  We often run into this when a device is isolated and we are  unable to contact a user.  Since there is no native ability to trigger an alert or n

...

tc0222 by L0 Member
  • 687 Views
  • 1 replies
  • 0 Likes

Automate Isolation Endpoint

Just wondering if there is somewhere in xdr to tell it to isolate an endpoint automatically if we get a critical/high/medium alert or confirmed malware/ransomware alert.

 

I thought there was something in the profiles to change for active this functi

...

Resolved! Evasion Technique - 3348100960

“Behavior of hiding RWX code by modifying it to RX”

I've been seeing this alert that is considered high criticality and is blocking Windows updates.

 

Everything I can see says that this is benign.

XDR is saying that the Windows process is a non-wh

...

CharlieJohnstonNTS_0-1699971904273.png
CharlieJohnstonNTS_1-1699972124759.png
CJNTS by L2 Linker
  • 1021 Views
  • 1 replies
  • 0 Likes

Cortex XDR trail version for testing purpose.

We are trying to integrate the Cortex XDR incident logs to Splunk using the API pull method. We customised the Splunk TA taking reference from the Splunk TA for Palo Alto NW.  So is there a trail version of Cortex XDR available in order to test the i

...

RK21VTH by L0 Member
  • 807 Views
  • 1 replies
  • 0 Likes
  • 1989 Posts
  • 78 Subscriptions
Top Liked Authors