Number of incidents per month on Cortex XDR
Hello,
Does anyone know how to generate a report of the number of incidents per month on Cortex?
I can only generate for the current month and not for the past months.
Thanks in advance.