This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4398 Views
  • 0 replies
  • 3 Likes

Cortex XDR False Positive Report

Hello everyone, We develop some applications and our customer told us when they install the application, it gives a malicious warning for a sub installer "gcad_local.exe". Is it possible to submit the file to Cortex XDR and add it to whitelist in some way? Cortex XDR

york by L0 Member
  • 2096 Views
  • 2 replies
  • 0 Likes

Telemetry on visited web pages

Hello everyone,My employer is going to install Cortex on the employees' PCs.Is this software able to monitor the time spent on the internet and the websites visited please?Thank you in advance.

emit0421 by L0 Member
  • 1351 Views
  • 3 replies
  • 0 Likes

Resolved! Access id denied error on Live Terminal session

During the live terminal session I did to an endpoint, I couldn't move/copy/rename text files with neither CMD nor Powershell. I always get the Access is denied error. What access rights does Cortex live terminal operates at? Is there any way to run it as admin?

SSH access to Broker VM impossible/failed

Hi everyone,I'm trying to access my VM Broker with SSH in admin mode but without success. In the Broker configuration, I use the command : ssh -i [/path/to/private.key] admin@[broker_vm_address] then I connect to the Broker machine without any problem. But when I do a “sudo -su”, I can't access in “super admin” mode. Do you have any suggestion...

S.Vilon by L1 Bithead
  • 2172 Views
  • 2 replies
  • 0 Likes

Vuln drivers - scan

Hi, Anyone know if is possible to retrieve the devices with drivers with vulnerabilities?I've a lot devices with Cortex XDR and my objective is force IT guys, update vulnerable drivers etc.

tlmarques by L4 Transporter
  • 1570 Views
  • 2 replies
  • 0 Likes

XDR API for Policy Management

Is there an API in XDR for Policy Management? I'm trying to get the list of policies, profiles and their rules. There is /public_api/v1/endpoints/get_policy (Get Policy • Cortex XDR REST API • Reader • Palo Alto Networks documentation portal) However, this just gives the Policy Name for a specific Endpoint.

RishitShah_0-1703167831594.png

Blocking Bluetooth

Hello, I want to block blueotooth activities on endpoints in Cortex XDR. Is there any way or rule to do this? If yes, can you write rule? Thanks in advance.

Resolved! Is it possible to limit CPU and memory consumption of the Cortex agent?

Hello everybody.If you have any doubts about the community's help story, my Cortex agent is installed on my Windows servers but often consumes a lot of CPU and memory resources from my VMs, this ends up creating many alerts in my monitoring, I would like to understand if it is possible to create some rule or adjustment that would limit the use o...

Resolved! Best way to restrict software by digital signer

hey guys, i'm not clear how to block the running (installing) of certain software using XDR by restricting by digital signer. Is it possible to cerate a BIOC and apply to a restricted profile? If not, what would you say is the best way to go about this?Our scenario is we'd like to block the use / installation of a certain piece of software, and ...

BIOC Block executables based field "Process_File_Info"

Hello, I would like to know if any of you have struggled with support and technical cases with the need I show below. I would like to know what you can tell me or give me your opinion of blocking executables based on static metadata using the “Process_File_Info” field in the BIOC. My intention is to block executables and not based on the executa...

agirones by L1 Bithead
  • 1744 Views
  • 2 replies
  • 1 Likes

XDR Policy Baseline/Comparison Tool

Is there a method/tool available that anyone is aware of to better manage multiple policies or quickly/easily identify those policies which may have/need slightly different configurations? For example, if we have 2 dozen policies and there's a new security module we are implementing for the environment, I would like to be able to see which pol...

Behavioral threat detected (rule: bioc.sync.critical_termination) Triggered By Known Good Files

Over the past two weeks we have been seeing detections/blocks from the following rule "Behavioral threat detected (rule: bioc.sync.critical_termination)" for known good files 7z2301-x64.exe (7-zip install) and PhotosService.exe (part of built-in Windows Photos app). We only see the detections on a few systems, many systems have these same files...

jdbst56 by L1 Bithead
  • 2187 Views
  • 3 replies
  • 0 Likes
  • 2611 Posts
  • 98 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks