Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4358 Views
  • 0 replies
  • 3 Likes

Resolved! create BIOC rules via Cortex XDR API

Hi community, I'd like to enquire whether Cortex XDR can create BIOC rules via Cortex XDR API. I could not find any description about creating BIOC rules on the following Cortex-XDR-API-Reference. Cortex XDR API Overview | Cortex XDR (stoplight.io)

Resolved! block vulnerable applications from running

Hi community, I am attempting to restrict the execution of vulnerable applications. Is it possible to block a specific application version using BIOC associated with restriction profile? (Or if there's another easy way to do this please let me know)

managing incident from dynamic emails using MSGRAPH integration

Hello everyone, I am looking for a solution to handle a specific situation related to incident activation from an email, using the MSGRAPH integration. Typically, to activate an incident, I classify it based on a static email subject. Then, I configure the "type" to trigger the corresponding playbook. However, this approach seems limited by the ...

MF762 by L1 Bithead
  • 1020 Views
  • 1 reply
  • 0 Likes

Resolved! XDR Agent version naming convention

Hi all, I am a bit confused with the new Agent version numbers. So to be sure: Taking the naming convention into account, isn't the XDR Agent version 8.5.0.624 higher and newer than version 8.5.0.3639? 8.5.0.3639 is recently released to support the Windows 11 24H2. Does this mean that the (higher?) version 8.5.0.624 in fact does not suppo...

AbdBgc by L2 Linker
  • 1936 Views
  • 1 reply
  • 0 Likes

Resolved! Is it safe to rename Agent Installations in Cortex and retain Connection?

I was going to delete them all and start over with a new naming convention for my admins, so they are easier to find and use. But when I tried to delete them, I was warned it would disconnect anything that was installed using the generated files. Question 1: Can I rename them and retain the link to the console on computers that used the previousl...

J.Suter by L2 Linker
  • 2467 Views
  • 3 replies
  • 0 Likes

Cortex XDR Agent certificate enforcement

Hi Team, I have enabled the Cortex XDR agent settings for certificate enforcement. However, endpoints are showing as only partially protected, and the Operational Status Details indicate that certificate enforcement is disabled against policy (Failed to enable certificate enforcement due to local store fallback). Could you please help with this ...

Resolved! Network Configuration - WAN IP

Hi Community, Would it be correct to register the IP addresses of the firewall's WAN interfaces in Cortex's network configuration -> Internal IP range? I ask this question because I have a Fortigate sending the logs to Cortex and always the IP that is in the firewall is treated as an artifact and not the IP that is scanning ports of fire...

Group events with xql bin stage

Hi everyone, I try to count some events per day and used the bin stage to do this. It does work to group the events together, but the time is wrong. For example, an event at 00:30 will count for the day before (probably because of the timezone). I tried different configurations with the optional parameters timeshift and timezone, but I'm not able t...

micomi by L3 Networker
  • 3781 Views
  • 5 replies
  • 0 Likes

Service Interruption and Telemetry Issues on Cortex Installation (RHEL 9.4)

I'm facing issues with my Cortex install on a RHEL 9.4 system. Agent version 8.4.0.123787, Kernel version 5.14.0-427.35.1.el9_4.x86_64. Some services are stopped and not restarting: Command Run: sudo /opt/traps/bin/cytool runtime query Stopped Services: clad, spmd, lted Attempt to Restart Services: sudo /opt/traps/bin/cytool runtime start...

Create link on the dashboard

Hi all, I have created a simple custom Dashboard using a custom Widget. I want to put a link to endpoint table filtered by the result (result is the agent name), like the links on the default "Agent Management" dashboard. Does anyone know how to? Thanks for the replies in advance.

Dashboard_01.JPG
AbdBgc by L2 Linker
  • 1946 Views
  • 4 replies
  • 0 Likes