Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Resolved! Automatic Artifact Analysis in Forensic Investigation

I have created and conducted some forensic cases on Cortex XDR, but one thing that has always intrigued me is the "Alert" tab in the Forensic Investigation section. Does this tab contain alerts generated by the automatic artifact analysis feature bas

...

Resolved! XTH licence allocation

We came to a conclusion that only handful of endpoints would benefit from the extra telemetries that add-on is collecting thus we do not want to purchase the add-on for the entire fleet.

Is it possible to allocate XTH add-on only on endpoints that

...

Resolved! Vulnerability Assessment Cortex XDR

I see there are two datasets regarding vulnerability assessment in Cortex XDR "va_cves" and "va_endpoints" dataset. What is the difference between these two? Also is there some dataset or anything in Cortex XDR that I can use to find out if a CVE vu

...

Cortex xdr agent certificate

Hi all,

I have some doubts regarding the Cortex XDR agent certificate. I have gone through multiple blogs, which provided some insights, but I am still unable to see the complete picture. Below are the key facts I have gathered so far:

New Certifica

...

Resolved! Appcrash Windows event log entry for "cyinjct.dll"

Hello,

I'm wondering if anyone ever had this problem. Appcrash event is occurring for "cyinjct.dll":

Host: Windows Server 2019

Cortex Agent version: 8.7.0.7735

- <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
- <System>
<Provi

...

[Cortex XDR] - I Want to monitor the file creation, modification, removal, etc. under the specified path through the BIOC Rule.

Dear Everyone,

I would like to use the XDR BIOC Rule to block the host from creating, editing, deleting, renaming, etc. files in specific file paths.

I tried to write a BIOC Rule but found that it can't be successfully applied to the Restrictions p

...

On-demand file Examination policy

Hi,

I've got 3 questions.
1. I want to schedule a daily scan on servers with cortex xdr, I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day mapping them to the same servers but some are bein

...

Legacy Agent Exceptions or New menu??

Hi, what's your opinion?

Legacy Agent Exceptions or Global Exceptions Menu??

What's the difference? Which one is better?

Some support people suggest activating Legacy in Cortex XDR #, but I'm not sure if I should. Would I lose any of the settings

...

Alert for Any PowerShell Script Execution in Cortex XDR

Hi Cortex XDR Community,

I want to set up an alert in Cortex XDR that triggers whenever any user runs a PowerShell script. The alert should activate for any script or command executed in PowerShell, regardless of the user or specific script.

Is there

...

Resolved! Exception to prevent the blocking of the Powershell/CMD command

Hi. How can I create an exception to prevent specific PowerShell and CMD commands from being blocked by XDR?
Cortex XDR

Resolved! Exclusion process cortex?!

Hi,

How can I create an exclusion in Cortex XDR to stop it from scanning a specific executable??

We have a critical software in our company, and we've noticed that Cortex is constantly analyzing it, causing the machine high CPU and MEM.

How can we excl

...

Custom Parsing Rule - Cohesity

This was a fun project. Looks like it is mostly working correctly. Cohesity syslogs come in as a big blob in one field so I messed with some parsing rules to give them their own datasets

The only known issue I'm seeing so far is the logs get dupl

...

Scanning Linux host, only scans a portion of the FS

Hello there,

I recently initiated a Malware scan on a linux host and when I went to see the results I see that it seems that it scan only two dirs (/opt, /usr) only.
Why is that the case?

The host has more directories of course and there are multiple

...

Role based privilege's

Dear Team,

As per the client requirement, Kindly suggest for the role based privilege's that can be assigned L1 and L2 users accordingly.

where L1 is lower level engineer and L2 is above L1.

Powershell problem

Hi forum,

I have a problem with PowerShell, specifically with the file located at C:\Program Files\Winget-AutoUpdate\winget-upgrade.ps1.

When I restart the computer, Cortex send alert appears regarding winget-upgrade.ps1.

I created a disable preventi

...

User

Likes Count

8 Likes

4 Likes

2 Likes

1 Likes

Cortex XDR Discussions

Discussions