Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

Ingest AWS GuardDuty logs

Dear community, I'm seeking help to ingest AWS GuardDuty logs into Cortex XDR. I did check the documentation and only found the method to ingest AWS assets, Flow log via S3 and Route53 via S3. I don't mind if the AWS GuardDuty logs are not normalized, the objective is to get the logs into the Cortex XDR platform. Appreciate if you could share yo...

Resolved! Is it possible to trigger insights collection on multiple hosts?

Hi, I know that I can go to Endpoint Data -> Open Asset View -> Open Asset View in new tab and then use "Run Insight collection" but from time to time I need to do this on around 50 hosts so this option is not really practical. I wasn't able to find any option which allows me to trigger this on multiple hosts, is it possible?

Resolved! no alerts no incident

Hi everyone, I have an issue. Cortex receives data from data sources (endpoints, servers etc.) but I cannot see alerts and incidents. My dashboard shows 0 alerts and 0 incidents. Who could help me?

Agent update failed

3 computers failed to update the agent, current version 8.4.1.53273 and target version is 8.5.0.624. PC1 Additional Date: Windows Installer DB: Extra reference(s) to agent component(s); PC2 Additional Date: Windows Installer DB: Current agent registration is missing; PC3 Additional Date: Insufficient log content.

zhouming by L0 Member
  • 2125 Views
  • 1 replies
  • 0 Likes

Configuring alerts in Cortex XDR to prevent incident generation

Hello, I want to configure certain NGFW alerts in Cortex XDR so that they no longer generate incidents based on criteria such as the alert name, source zone, and destination zone. I do not want to completely hide the alert with an "Alert Exclusion" because I want it to be linked to an incident for correlation with other actions. Would reducing...

Cortex XDR Agent in a Non-Persistent VDI and Paths Outside the Gold Image

Hello everyone. We have recently experienced a problem in a non-persistent VDI infrastructure where we have many terminal servers used by users. These users may be using portable software that resides on shared folders and when the users use this software they may experience a significant slowdown. I believe that this problem is due to the fact th...

XDRFanIT by L0 Member
  • 1309 Views
  • 1 replies
  • 0 Likes

How to Effectively Restrict Specific Files Across All Locations in Cortex XDR?

I am facing a challenge in Cortex XDR regarding file restrictions. When we need to block a specific file on endpoints, we add its file path to the restriction profile. This effectively blocks users from accessing or opening the file in the specified location. However, the issue arises when a user copies the restricted file and pastes it into a...

Managing Updates (Content & Agent Upgrades)

Hello dear community, I have a few questions: how did you implement your staging in Cortex XDR? Or did you say, no we trust PA and do not delay the content updates? It is all about these two categories in the agent settings: Content Auto-Update: 1. How long do you delay the content update with the setting "Setting Contenton"=enabled yo...

RFeyertag by L4 Transporter
  • 1171 Views
  • 1 replies
  • 1 Likes