This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Resolved! Adding file and folder exclusions

We have a security camera server that's been throwing out low memory resource messages and the company that provides the software claims that Cortex XDR endpoint client is causing memory leaks. There are no incidents being triggered by this server and the memory usage of Cortex is always under 1GB of memory. They have provided documentation tha...

Disabled Capabilities of XDR on instaallation

Hi all, in one of our customers with the installation of XDR agent version 8.5 the Response Capabilities (File Retrieval, Live Terminal, Script Execution) were disabled from the very beginning on many of the endpoints. As there is no other way, the agents were uninstalled and reinstalled as a solution. But we could not identify the main reason...

AbdBgc by L2 Linker
  • 2407 Views
  • 2 replies
  • 0 Likes

I ingested the Checkpoint firewall logs into Cortex XDR, now what should I do?

Hi, Some time ago I connected the CheckPoint Firewalls with Cortex XDR and I can now see the alerts from the Cortex console. My question is, what should I do now with the alerts? Since the FW is generating more than 100 incidents a day.I had created an exclusion rule for the incidents that are registered as blocked, but this made me lose vis...

How IOCs are detected?

Hi, I've recently noticed that an IOC that we created a month ago is still somehow being triggered, therefore an incident is generated. The IOC is a domain that we've found in a phishing email. I haven't visited the domain or clicked on that quarantined email, but somehow an incident occurred this morning. What actions could trigger an added I...

Resolved! Select more than 100 endpoints in Prevention Policy Rule

Hi,I created new Prevention Policy Rule and can only select 100 endpoints. When I try to select more, I get the Note: Note: The current target will be based on 100 endpoints, you cannot choose more than 100 endpoints. To create a larger target use Dynamic target I tried to solve it with dynamic Groups, but it didn't help.How to create/select Dyn...

Elbedin by L0 Member
  • 4417 Views
  • 3 replies
  • 0 Likes

Resolved! Cortex XDR Certificate enforcement for Windows and macOS endpoints

Hi Team, I have a query regarding the Cortex XDR Agent (8.3) Certificate Enforcement settings. 1. Enable the Certificate Enforcement option.2. Decrypt either only Cortex XDR Agent traffic in the firewall or decrypt all traffic related to application servers in the firewall. Please confirm if these steps are correct, as I have not found comprehen...

Question About Custom Logs Time Field

Question I want to replace _time field value with original timestamp, but I can not find way to do this. Please tell me how to replace _time field value or Is this not possible due to specifications? Background When we collect logs from XDR Collector, which ingest three fields which related time. First one is _time, which is generated by XDR Col...

HFukuda_0-1725412582774.png
H.Fukuda by L1 Bithead
  • 1790 Views
  • 3 replies
  • 0 Likes

Resolved! Cortex XDR Timeline to XQL

Hi, For our SOC report, we want to have this table with the average statistics of last week's monitoring, including average time to assign, time to respond etc. Is there a way to extract these timestamps from the incident's timeline on XQL and therefore make a custom widget? If not, what kind of bypass are there? Thanks in advance.

MOQ - Cortex XDR NFR

Hi team, May I know, what is minimum quantity to purchase for Cortex XDR (Prevent and Pro) NFR? Also, is Cortex XDR NFR quotation will consist only 1 line item, no need for any support SKU? Thank you in advance!

  • 2582 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks