Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions


Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not.

Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4327 Views
  • 0 replies
  • 3 Likes

How are IOCs detected?

Hi, I've recently noticed that an IOC that we created a month ago is still somehow being triggered, therefore an incident is generated. The IOC is a domain that we've found in a phishing email. I haven't visited the domain or clicked on that quarantined email, but somehow an incident occurred this morning. What actions could trigger an added I...

Resolved! Select more than 100 endpoints in Prevention Policy Rule

Hi, I created a new Prevention Policy Rule and can only select 100 endpoints. When I try to select more, I get the note: "The current target will be based on 100 endpoints, you cannot choose more than 100 endpoints. To create a larger target use Dynamic target." I tried to solve it with dynamic Groups, but it didn't help. How to create/select Dyn...

Elbedin by L0 Member
  • 4429 Views
  • 3 replies
  • 0 Likes

Resolved! Cortex XDR Certificate enforcement for Windows and macOS endpoints

Hi Team, I have a query regarding the Cortex XDR Agent (8.3) Certificate Enforcement settings.
1. Enable the Certificate Enforcement option.
2. Decrypt either only Cortex XDR Agent traffic in the firewall or decrypt all traffic related to application servers in the firewall.
Please confirm if these steps are correct, as I have not found comprehen...

Question About Custom Logs Time Field

Question: I want to replace the _time field value with the original timestamp, but I cannot find a way to do this. Please tell me how to replace the _time field value, or is this not possible due to specifications? Background: When we collect logs from XDR Collector, it ingests three fields related to time. The first one is _time, which is generated by XDR Col...

H.Fukuda by L1 Bithead
  • 1814 Views
  • 3 replies
  • 0 Likes

Resolved! Cortex XDR Timeline to XQL

Hi, For our SOC report, we want to have this table with the average statistics of last week's monitoring, including average time to assign, time to respond, etc. Is there a way to extract these timestamps from the incident's timeline in XQL and therefore make a custom widget? If not, what kinds of bypasses are there? Thanks in advance.

MOQ - Cortex XDR NFR

Hi team, May I know what the minimum quantity to purchase is for Cortex XDR (Prevent and Pro) NFR? Also, will the Cortex XDR NFR quotation consist of only 1 line item, with no need for any support SKU? Thank you in advance!

Cortex Update

I have an issue when trying to update users to the latest version of cortex. The control panel shows that Cortex is not installed but the Cortex Icon shows up in the system tray and I can access the console from there. When I run the uninstall tool the system does not accept the password which I know is the correct one because it works on other ...

Resolved! Can't uninstall damaged installation of Cortex XDR

Hi all, On one of our PCs we can't uninstall version 7.3.1.20981 of Cortex XDR. When we try to uninstall the program, the popup with the warning "Cortex XDR only supports per-machine installation" appears and the uninstall process fails. The Cortex XDR agent doesn't communicate with the console. The uninstallation via msiexec doesn't work. Also...

Feature Request: Version Control for Rules

Would anyone else find it beneficial to have version control for rules made in XDR? I feel like in theory it would be a reasonable lift to incorporate version control for changes made to custom correlation rules, for example.

Parksam by L1 Bithead
  • 1437 Views
  • 2 replies
  • 2 Likes

XQL for Creating Multi-Series Line Timechart Graph

Hi all. I want to create a multi-line graph, and I can create it. But my XQL query is too long and there are too many manual operations. Do you have a good idea for creating a multi-series line graph? (a shorter one) Example (Just an example. There is no confidential information.) When I have some datasets, and I want to create a graph for Log Ingestion count f...

H.Fukuda by L1 Bithead
  • 2049 Views
  • 2 replies
  • 0 Likes

Distributed network scan and Network Location Configuration

Hello, I need information about these Cortex agent capabilities, as far as I can understand:
- Is the agent used as a probe to detect machines without the agent installed? If so, what information is obtained: host name, IP, MAC?
- Network Location Configuration: is it necessary to configure these parameters for the Distributed network scan function ...
