Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

CORTEX XDR - Best practices

Hi everyone !

 

I'm a beginner on CORTEX XDR, and need some help for 2 things !

 

- First, my client want to know if it's possible to schedule a Malware Scan based on the CPU use. I mean, they have around 500 computers, which are used in so many differen

...

MxC604 by L0 Member
  • 872 Views
  • 1 replies
  • 0 Likes

Resolved! XQL datasets

Is there a comprehensive document containing all the datasets that are currently available? We've noticed that datasets such as "incidents_artifacts" or "incidents" are not displayed in the autofill text in XQL. We would greatly appreciate having a c

...

Allow based on certifcate issuer?

We are currently having an issue with our database disk images being blocked that are set on rotation cycles. The file name and the hash changes incrementally. All our disk images are signed, using a certificate by the issuer; this was used previousl

...

Resolved! Response Action

There is an option Response Action under agent configuration, which means we can allow access to a certain application in case the endpoint is isolated.

 

Which application access should ideally be provided in it.

 

Thanks

Resolved! Yara Rules and Cortex XDR

I have seen alerts screenshot on internet where an alert triggered after matching a Yara rules.

 

https://attackevals.mitre-engenuity.org/enterprise/participants/paloaltonetworks?adversary=carbanak-fin7&view=results&scenario=1

(Fourth Screenshot)

 

Does C

...

KanwarSingh01_1-1648928772751.png
KanwarSingh01_0-1648928403368.png

Resolved! XQL Command Line Help

All,

Trying to write a XQL query to search for this Windows command line when executed. Can anyone tell me how to distinguish the command line parameters "domain computers" in XQL? Thanks.

 

actor_process_command_line = "%systemroot%\system32\net.exe

...

Resolved! Cortex XDR malware scan

Hello ,

 

Does anyone know the difference between the Malware scan initiated from console and Scan initiated by user locally for all drive? Does cortex XDR also scans the memory and registries in the full scan initiated? and how long it should take a

...

EvilExtractor

We have concerns about the Evil Extractor malware posted here: https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealer
I have not been able to find anything on the PA Cortex or Firewall Pages and need to get information back to

...

Resolved! Reporting in Cortex XDR Pro on more pages

Hello dear community, 

 

my supervisor needs a monthly report about still vulnerable agents. 

I got allready an XQL, which I used for the dashboard. 

 

config timeframe between "-1y" and "+5d"
|dataset = host_inventory
| arrayexpand kbs
| alter kbnr =

...

RFeyertag by L4 Transporter
  • 934 Views
  • 4 replies
  • 0 Likes
  • 1771 Posts
  • 78 Subscriptions
Top Liked Authors