Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 1284 Views
  • 0 replies
  • 3 Likes

Resolved! Broker VM upgrade control (Delay)

Hi Team,

 

As we faced the mass issue of BSOD due to Crowdstrike, there's a query by management team that can we delay the agent upgrade or we can say can we control upgrade process of Broker VM if we want to hold the version on any specific version.

Cortex XDR CE version

How to know if Cortex XDR version is CE.

 

Will it show on the table when I go to Endpoints ----> All Endpoints and on the Agent Version Field it should have for example 7.9.102CE, if it shows 7.9.102 only then it is a standard version? 

 

Thank you.

Thank you!

Hello dear community!

 

Thank you all readers and writers for the huge content of help and useful information in this livecommunity!

 

And also thank you for your valuable time! 

 

BR

 

Rob

 

 

RFeyertag by L4 Transporter
  • 781 Views
  • 1 replies
  • 1 Likes

Filter over 100 CIDR

Hello,

 

I have an XQL query and I need IPs to be displayed if they are in some CIDR.

I know about the incidr command and the documentation says we can use it with multiple CIDR if we use coma to separate them.

Example : 

filter incidr(ip_address, "1...

XQL : Need help with json_extract

Dear Community,


I was trying to use the json_extract to extract the value of "RuleActions" and have no success so far.

Sample data:

{"RuleOperation":"AddMailboxRule","RuleId":"0","RuleState":"Enabled, ExitAfterExecution","RuleCondition":"{(SubString I...

  • 2412 Posts
  • 89 Subscriptions
Top Solution Authors
Top Liked Authors