This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Cortex XDR trail version for testing purpose.

We are trying to integrate the Cortex XDR incident logs to Splunk using the API pull method. We customised the Splunk TA taking reference from the Splunk TA for Palo Alto NW.  So is there a trail version of Cortex XDR available in order to test the i

...

RK21VTH by L0 Member
  • 1051 Views
  • 1 replies
  • 0 Likes

Script for Agent Upgrades

Does anyone know of a way to build/apply a script in XDR that would perform agent upgrades at scheduled times? 

Example: upgrade to latest agent version on 10 endpoints starting at 8PM on Saturday. 

Disk Decryption on MAC OS

Hi Everyone,

 

I'm seeking for help on how to decrypt the drive on MAC OS after the encrypting the drive using the Cortex XDR Tenant/Console?

 

I tried to check and use on this documentation guide by Palo Alto Networks but I think it is not working o

...

EJaspe by L1 Bithead
  • 1025 Views
  • 3 replies
  • 0 Likes

XDR and XSOAR mirroring fails

Hi, I have XDR integrated with XSOAR for bidirectional incident mirroring...

 

The strange thing is that when I close incidents in XSOAR as false positives, they appear as 'Resolved other' in XDR via the API...
If I close incidents as false positives

...

tlmarques by L4 Transporter
  • 932 Views
  • 2 replies
  • 0 Likes

Resolved! exclusions vdi non-persistent

Hello, does anyone know if there is any document that tells us which folders and subfolders we should exclude from XDR when using Citrix and VMware Horizon with non-persistent VDI?

 

In Palo Alto's documentation, I don't see anything specific except

...

tlmarques by L4 Transporter
  • 1972 Views
  • 3 replies
  • 0 Likes

eXtended Threat Hunting (XTH) Module

Hi team,

Got a renewal quotation with new XTH module.

Heard eXtended Threat Hunting (XTH) Module is about query the raw data for threat hunting.

Still not so sure what is the new module is used for?

What is the use case to purchase this lic in additi

...

Resolved! How to use two datasets in a query

Hi,

I hope you can shed some light.  I am attempting to run a query to find out what system is running what applications including the username.

I have this query which gives me what I need except the "user" which is a field in another dataset xdr_da

...

Application Severity Score

Hi, I noticed a "Severity Score" in Applications under Host Inventory but there doesn't seem to be any scoring happening. Is this apart of a license we may not have or does this not function the way I would imagine? I assumed maybe CVEs for applicati

...

DopedWafer_0-1700080391735.png

AWS tags in the Cloud info field?

We have hundreds of AWS assets with lots of information in Cloud Info, but none have anything in the tags field.

 

Has anyone else seen (not seen) this?

Just to clarify, I am not talking about Cortex XDR tags.

 

Thanks

PCTomS_0-1697840876761.png
PC-TomS by L3 Networker
  • 927 Views
  • 3 replies
  • 0 Likes

User details

Hi Team,

 

Can we check user details on the XDR console - Local user with admin privileges?

 

Any way to identify such users?

 

Regards,

Shahwaz

XDR on Linux Appliances

Hi All,

 

Can XDR be installed on these servers -

  • Checkpoint
  • Force Point DLP Protector
  • Cisco Expressway
  • Trend Micro - Smart Protection
  • Z Scaller Application
  • Trellix-NDLP

Thanks,

Shahwaz

 

  • 2074 Posts
  • 81 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks