Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Hi,
I would like to check whether there is a way how customer can ingest IOC in form of the JA3 hashes into XDR?
thanks
Ondrej
Hi ALL,
New to XDR world,
I am have a XQL query against a 2FA log which looks for user login (fail or success) from 2 different countries in 3 hours.
Query looks like
dataset in (XXX_raw)
| filter eventType = "User.Login" // look for login events
|
Hi,
we have successfuly integrated ServiceNow CMDB into Cortex XDR and have fetched data to datasets servicenow_cmdb_*.
We did not find in the Admin guide information how and if those ServiceNow CMDB data will be propagated into Asset information i
...
Hi Everyone,
I would like to force reconnect the workstation that is in old Cortex Tenant to the new Cortex Tenant we have.
Is is possible to create a batch file for this so it can help us to work easily? is the .bat format applicable in MAC OS?
...
Hi People,
I was wondering if anyone could assist me with XQL Query to display the Incident name. Please refer to the attached photo to get an idea of what I am trying to achieve. I have used the xdr_data dataset, however i cannot find the relevan
...
Can anyone help me how to retrive endpoint logs from data lake via XQL
Hi,
What correlation rules and BIOCs created manually do you suggest?
Regards,
Fábio Ferreira
Hi,
Is there any Cortex agent customization suggested or best practice docs for Windows Terminal servers and Windows DC Servers
Hi everybody !
I would like to find out how to download the XdrAgentCleaner.exe to remove cleanely old xdr cortex agent ?
We have several computers on which we cannot uninstall the old agent, you will find the message attached.
I have already follow
...
Existe uma forma de forçar a remoção do Cortex 7.9 do ambiente que eu não tenho mais senhas de gerenciamento ou remoção, já que o parceiro rescindiu o contrato e não forneceu o mesmo.
Hi Community
We're facing an connection issue with Endpoints using Broker VMs (agent proxy). We opened a TAC case, but it's stuck. There is no useful help yet.
- Endpoints are isolated from the internet (no direct or webproxy access)
- Endpoints are
Hello Team,
We need to change rsyslog.conf file. Please let us know if this file can be changed and is it recommended to integrate the BVM server with the SIEM?
Hi,
We've a problem with installation cortex xdr 8.1 on Windows Server 2008/2012 and Windows10_v1607....
All machine need the AZURE update https://support.microsoft.com/en-us/topic/kb5022661-windows-support-for-the-azure-code-signing-program-4b505a31-f
Hello dear community,
is it possible not to overwrite disabled IOC with API Upload? If the indicator is disabled, it should stay disabled. But atm it isn't like that, the indicator is beeing deleted, written into the ioc table and get's activated
...
How to generate private and public key pair for accessing DR broker VM and let us know how to use the key pair to access the BVM.
| Subject | Likes |
|---|---|
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
