Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by letting them view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4397 Views
  • 0 replies
  • 3 Likes

LDAPNightmare: SafeBreach Labs Publishes First Proof-of-Concept Exploit for CVE-2024-49112

Hi, how can I check for the actions below in the XQL builder? Please help in developing a query. The attacker sends a DCE/RPC request to the Victim Server Machine. The Victim is triggered to send a DNS SRV query about SafeBreachLabs.pro. The Attacker's DNS server responds with the Attacker's hostname machine and LDAP port. The Victim sends a broadca...

Resolved! Mass Script endpoints

Hi everyone, does anyone know if it is possible to send a script to multiple devices? I have a Python msg script... I need to run this script on multiple machines/groups. How can I do that?

tlmarques by L4 Transporter
  • 1156 Views
  • 1 replies
  • 0 Likes

Cortex XDR Hardware Requirements

Hi All, below are the hardware requirements mentioned in the Palo Alto documentation to install Cortex XDR on a Linux machine. Could you please confirm if this RAM (4GB/8GB) and hard disk space (10GB) mentioned is needed as the total minimum RAM/hard disk space on the machine (which other apps/processes can also consume) or is it required dedica...


How to Filter Alerts/Incidents by IP address?

I am trying to correlate exfiltration & port scanning incidents to identify patterns pertaining to a specific IP address to build exceptions or exclusions for false positives. They are not our assets, but an IP we communicate with frequently. The filter dropdown doesn't show anything useful for this. I can't wrap my head around why they ...

Resolved! Increasing severity for certain critical hosts or visible tagging

Is there a way to make certain server hosts show as critical servers? We have a certain number of servers for which we'd like any incident related to them to automatically be a critical or high alert when XDR creates an incident for them. I've created, say, a "Critical Server" asset group and put servers in there, but how do I make any incident triggered automa...

C.Perez by L1 Bithead
  • 2079 Views
  • 3 replies
  • 0 Likes

XDR 8.2.1 on domain controllers keeps disconnecting from tenant

Hi all, we are observing this behaviour on some domain controllers where XDR agents lose connection to the tenant and the only way out is to remove them via XDR Cleaner and reinstall, only to fail again in a bunch of days. We are out of ideas; obviously no blocking is in place between agents and Palo Alto remote systems, servers are only acting as ...

Resolved! Cortex Windows vulnerability assessment

"A few months ago, I heard that Cortex only detected application vulnerabilities on Linux, but on Windows, it only detected OS vulnerabilities. Is this issue resolved now, and does Cortex detect application vulnerabilities on Windows?"

Resolved! Cortex XDR Ransomware Protection: Aggressive mode & Resource Optimization

Hello Community, I have a question regarding Cortex XDR in Aggressive Mode. During my testing, I noticed that it significantly impacts my machine's performance, as the Cortex XDR agent continuously analyzes the behavior of benign software, such as browsers. To optimize resource usage and performance, is it possible for Cortex XDR to analyze th...

Resolved! Cortex XDR

How do I create a child tenant in Cortex XDR? I created the Parent Tenant and it's activated, but there is no option to create the child tenant!! Tags: Cortex XDR, Cortex XSOAR

AAlsaadi by L1 Bithead
  • 1558 Views
  • 1 replies
  • 0 Likes

Ingest AWS GuardDuty logs

Dear community, I'm seeking help to ingest AWS GuardDuty logs into Cortex XDR. I did check the documentation and only found the method to ingest AWS assets, Flow Logs via S3 and Route 53 via S3. I don't mind if the AWS GuardDuty logs are not normalized; the objective is to get the logs into the Cortex XDR platform. Appreciate if you could share yo...

Resolved! Is it possible to trigger insights collection on multiple hosts?

Hi, I know that I can go to Endpoint Data -> Open Asset View -> Open Asset View in new tab and then use "Run Insight collection", but from time to time I need to do this on around 50 hosts, so this option is not really practical. I wasn't able to find any option which allows me to trigger this on multiple hosts. Is it possible?

Resolved! no alerts no incident

Hi everyone, I have an issue. Cortex receives data from data sources (endpoints, servers etc.) but I cannot see alerts and incidents. My dashboard shows 0 alerts and 0 incidents. Who could help me?

  • 2610 Posts
  • 98 Subscriptions