Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4320 Views
  • 0 replies
  • 3 Likes

Resolved! automation for retrieve alerts

Hi, I would like to know if it is possible for Cortex XDR to automatically perform "retrieve alert data" and/or "retrieve TSF" for all incidents or alerts (critical and high). I'm asking this because I work with non-persistent VDIs, and many times the user has already closed the session, and I can no longer retrieve the necessary logs for a better anal...

tlmarques by L4 Transporter
  • 2025 Views
  • 2 replies
  • 0 Likes

Help with Memory corruption exploitation event in excel.exe

Hi, I need your help. When analyzing a Memory corruption exploitation event in excel.exe, Cortex XDR usually doesn't provide much information; I can only see in the graphical interface that the user executed Excel at that moment. In my case, it shows that the user opened an Excel file that was on a file share. I would like to know if anyone ...

tlmarques by L4 Transporter
  • 2762 Views
  • 2 replies
  • 0 Likes

Resolved! Broker VM upgrade control (Delay)

Hi Team, As we faced the mass BSOD issue due to CrowdStrike, the management team is asking whether we can delay the agent upgrade, or, put another way, whether we can control the Broker VM upgrade process if we want to hold it at a specific version.

How to count endpoint ACTUAL ACTIVITY by SQL query

Dears, the "ACTUAL ACTIVITY" graph under the user card page in XDR is a very amazing feature that shows the duration of user working hours. Unfortunately, the time was not specified with exact minutes. My management asks me for a very accurate duration of how many hours the user was actively working last month to calculate his overtime. Would you help me with SQ...

SAlasker by L0 Member
  • 1919 Views
  • 1 replies
  • 1 Likes

Cortex XDR CE version

How do I know if a Cortex XDR version is CE? Will it show in the table when I go to Endpoints ----> All Endpoints, with the Agent Version field showing, for example, 7.9.102CE, and if it shows only 7.9.102, is it then a standard version? Thank you.

Cortex XDR Broker VM internal communication.

Hi Team, I have a query regarding the installation of the Broker VM in our organization. We have successfully installed it internally. However, when we tried to access the URL https://<brokervm-ip>:4443 internally, it failed. After whitelisting the Palo Alto domain URLs, we were able to successfully access the URL https://<brokervm-ip>...

Thank you!

Hello dear community! Thank you all readers and writers for the huge content of help and useful information in this livecommunity! And also thank you for your valuable time! BR Rob

RFeyertag by L4 Transporter
  • 950 Views
  • 1 replies
  • 1 Likes

Filter over 100 CIDR

Hello, I have an XQL query and I need IPs to be displayed if they are in some CIDR. I know about the incidr command and the documentation says we can use it with multiple CIDRs if we use a comma to separate them. Example: filter incidr(ip_address, "192.168.0.0/24, 1.168.0.0/24") = true It doesn't work at all (I tried with 2 CIDR, I have an empty...

XQL : Need help with json_extract

Dear Community, I was trying to use json_extract to extract the value of "RuleActions" and have had no success so far. Sample data: {"RuleOperation":"AddMailboxRule","RuleId":"0","RuleState":"Enabled, ExitAfterExecution","RuleCondition":"{(SubString IgnoreCase(SubjectProperty)=ABC Communication)}","RuleName":"ABC Communication","RuleProvider":"Ru...

How to escape the "\" escape character itself?

Dear community, I'm trying to use the replace command in XQL to replace the "\" escape character and have no success. When I tried with the double slash \\, the XQL will raise a syntax error. | alter test2 = replace(to_json_string(data), "\\", "") Sample data: ["{\"ActionType\":\"Forward\",\"Recipients\":[\"john.doe@domain.com\"],\"ForwardFlags\":...
