Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions


Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4338 Views
  • 0 replies
  • 3 Likes

How to Filter Alerts/Incidents by IP address?

I am trying to correlate exfiltration & port scanning incidents to identify patterns pertaining to a specific IP address to build exceptions or exclusions for false positives. They are not our assets, but an IP we communicate with frequently. The filter dropdown doesn't show anything useful for this. I can't wrap my head around why they ...

Resolved! Increasing severity for certain critical hosts or visible tagging

Is there a way to make certain server hosts show as critical servers? We have a certain number of servers for which we'd like any related incident to automatically be a critical or high alert when XDR creates an incident for them. I've created, say, a "Critical Server" asset group and put servers in there, but how do I make any incident triggered automa...

C.Perez by L1 Bithead
  • 1950 Views
  • 3 replies
  • 0 Likes

XDR 8.2.1 on domain controllers keeps disconnecting from tenant

Hi all, we are observing this behaviour on some domain controllers where XDR agents lose connection to the tenant and the only way out is to remove them via XDR cleaner and reinstall, only to fail again in a bunch of days. We are out of ideas; obviously no blocking is in place between agents and Palo Alto remote systems, servers are only acting as ...

Resolved! Cortex Windows vulnerability assessment

"A few months ago, I heard that Cortex only detected application vulnerabilities on Linux, but on Windows, it only detected OS vulnerabilities. Is this issue resolved now, and does Cortex detect application vulnerabilities on Windows?"

Resolved! Cortex XDR Ransomware Protection: Aggressive mode & Resource Optimization

Hello Community, I have a question regarding Cortex XDR in Aggressive Mode. During my testing, I noticed that it significantly impacts my machine's performance, as the Cortex XDR agent continuously analyzes the behavior of benign software, such as browsers. To optimize resource usage and performance, is it possible for Cortex XDR to analyze th...

Resolved! Cortex XDR

How to create a child tenant in Cortex XDR?? I created the parent tenant and it's activated but there is no option to create the child tenant!! Cortex XDR Cortex XSOAR

AAlsaadi by L1 Bithead
  • 1495 Views
  • 1 replies
  • 0 Likes

Ingest AWS GuardDuty logs

Dear community, I'm seeking help to ingest AWS GuardDuty logs into Cortex XDR. I did check the documentation and only found the method to ingest AWS assets, Flow logs via S3 and Route53 via S3. I don't mind if the AWS GuardDuty logs are not normalized; the objective is to get the logs into the Cortex XDR platform. Appreciate if you could share yo...

Resolved! Is it possible to trigger insights collection on multiple hosts?

Hi, I know that I can go to Endpoint Data -> Open Asset View -> Open Asset View in new tab and then use "Run Insight collection", but from time to time I need to do this on around 50 hosts, so this option is not really practical. I wasn't able to find any option which allows me to trigger this on multiple hosts. Is it possible?

Resolved! no alerts no incident

Hi everyone, I have an issue. Cortex receives data from data sources (endpoints, servers etc.) but I cannot see alerts and incidents. My dashboard shows 0 alerts and 0 incidents. Who could help me?

Agent update failed

3 computers failed to update the agent; current version is 8.4.1.53273 and target version is 8.5.0.624. PC1 Additional Date: Windows Installer DB: Extra reference(s) to agent component(s); PC2 Additional Date: Windows Installer DB: Current agent registration is missing; PC3 Additional Date: Insufficient log content.

zhouming by L0 Member
  • 2091 Views
  • 1 replies
  • 0 Likes

Configuring alerts in Cortex XDR to prevent incident generation

Hello, I want to configure certain NGFW alerts in Cortex XDR so that they no longer generate incidents based on criteria such as the alert name, source zone, and destination zone. I do not want to completely hide the alert with an "Alert Exclusion" because I want it to be linked to an incident for correlation with other actions. Would reducing...

Cortex XDR Agent in a Non-Persistent VDI and Paths Outside the Gold Image

Hello everyone. We have recently experienced a problem in a non-persistent VDI infrastructure where we have many terminal servers used by users. These users may be using portable software that resides on shared folders, and when the users use this software they may experience a significant slowdown. I believe that this problem is due to the fact th...

XDRFanIT by L0 Member
  • 1281 Views
  • 1 replies
  • 0 Likes