This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4323 Views
  • 0 replies
  • 3 Likes

Blocking Bluetooth

Hello, I want to block blueotooth activities on endpoints in Cortex XDR. Is there any way or rule to do this? If yes, can you write rule? Thanks in advance.

Resolved! Is it possible to limit CPU and memory consumption of the Cortex agent?

Hello everybody.If you have any doubts about the community's help story, my Cortex agent is installed on my Windows servers but often consumes a lot of CPU and memory resources from my VMs, this ends up creating many alerts in my monitoring, I would like to understand if it is possible to create some rule or adjustment that would limit the use o...

Resolved! Best way to restrict software by digital signer

hey guys, i'm not clear how to block the running (installing) of certain software using XDR by restricting by digital signer. Is it possible to cerate a BIOC and apply to a restricted profile? If not, what would you say is the best way to go about this?Our scenario is we'd like to block the use / installation of a certain piece of software, and ...

BIOC Block executables based field "Process_File_Info"

Hello, I would like to know if any of you have struggled with support and technical cases with the need I show below. I would like to know what you can tell me or give me your opinion of blocking executables based on static metadata using the “Process_File_Info” field in the BIOC. My intention is to block executables and not based on the executa...

agirones by L1 Bithead
  • 1640 Views
  • 2 replies
  • 1 Likes

XDR Policy Baseline/Comparison Tool

Is there a method/tool available that anyone is aware of to better manage multiple policies or quickly/easily identify those policies which may have/need slightly different configurations? For example, if we have 2 dozen policies and there's a new security module we are implementing for the environment, I would like to be able to see which pol...

Behavioral threat detected (rule: bioc.sync.critical_termination) Triggered By Known Good Files

Over the past two weeks we have been seeing detections/blocks from the following rule "Behavioral threat detected (rule: bioc.sync.critical_termination)" for known good files 7z2301-x64.exe (7-zip install) and PhotosService.exe (part of built-in Windows Photos app). We only see the detections on a few systems, many systems have these same files...

jdbst56 by L1 Bithead
  • 2009 Views
  • 3 replies
  • 0 Likes

XDR AGENT ALL DEVICES

Hi everyone, Does anyone know of or have an automation to periodically check if all devices in the company have the Cortex XDR Agent installed I currently use Mapper, but my network is large, with over 35k devices (including computers, printers, access points, and other equipment). How do you manage XDR coverage in your infrastructure? Do you ...

tlmarques by L4 Transporter
  • 1895 Views
  • 2 replies
  • 0 Likes

Cortex XDR Generate Alert when Device is Online

There's many situations where it would be convenient to receive a notification when a device is online. We often run into this when a device is isolated and we are unable to contact a user. Since there is no native ability to trigger an alert or notification I had an idea to run a script on an endpoint that will create a file and then create ...

tc0222 by L0 Member
  • 2635 Views
  • 3 replies
  • 0 Likes

Broker VM

Hi, I have downloaded Broker VM OVA file and installed it on my VMvare. I just wonder about with the following issues. As you know Broker has two IP one for public and one for private. In this part, if i go static, will I be configuring internal or public IP? I mean should I just take one static IP from my internal network for example, 192.16...

JahidAliyev_0-1731635966017.png

General Cortex XQL questions

Hello, I have been unable to confirm the following information in the online guidance I have been looking through. How far back can we run an "All Actions" query in XQL? For example, can we search for file hashes going back 3 months or longer?Also, what is the difference between running an "All Actions" query vs using the XQL Search option? W...

BIOC that will close web browser while opening certain websites

I want to create a BIOC rule that will close web browser (ex. chrome) when I open certain websites (ex. facebook.com and instagram.com). I'm using Network BIOC and I managed to create BIOC rule that applies only to one website (remote host) but I don't see the option where I can add multiple websites (remote hosts). Can you help me with that? Ma...

Resolved! Correlation rules create incident

Hey dear sec community! is there a way to setup an correlation rule, which can block and not only detect?I couldn't find a way. I tried the XQL queries from the libary. https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-correlation-rules/create-a-correlation-rul...

Cyber1985 by L3 Networker
  • 6947 Views
  • 7 replies
  • 0 Likes
  • 2590 Posts
  • 97 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks