Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions


Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4322 Views
  • 0 replies
  • 3 Likes

Filter over 100 CIDR

Hello, I have an XQL query and I need IPs to be displayed if they are in some CIDR. I know about the incidr command and the documentation says we can use it with multiple CIDR if we use a comma to separate them. Example: filter incidr(ip_address, "192.168.0.0/24, 1.168.0.0/24") = true It doesn't work at all (I tried with 2 CIDR, I have an empty...

XQL : Need help with json_extract

Dear Community, I was trying to use the json_extract to extract the value of "RuleActions" and have no success so far. Sample data: {"RuleOperation":"AddMailboxRule","RuleId":"0","RuleState":"Enabled, ExitAfterExecution","RuleCondition":"{(SubString IgnoreCase(SubjectProperty)=ABC Communication)}","RuleName":"ABC Communication","RuleProvider":"Ru...

How to escape the "\" escape character itself?

Dear community, I'm trying to use the replace command in XQL to replace the "\" escape character and have no success. When I tried with the double slash \\, the XQL will raise syntax error. | alter test2 = replace(to_json_string(data), "\\", "") Sample data: ["{\"ActionType\":\"Forward\",\"Recipients\":[\"john.doe@domain.com\"],\"ForwardFlags\":...

Pulling an inventory of Chrome Browser Extensions

Hi, I am looking to gather a list of all installed chrome extensions in our environment. I created a simple query to pull any .crx files out of the Chrome extensions file path but the results seem not quite accurate. Was wondering if anyone had a query or way of obtaining this information already? Thanks

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case? Cortex XDR

Running an XQL Scheduled Report Email If a Result is Found

Hello, I have a working XQL query that deals with Host Connectivity. Can I configure this to run as a scheduled report and only if there are results the report can be sent by email? I do not want to receive empty reports. Can this be done in XQL or on the Report side of things? Many thanks, Michael Sysec Cortex XDR

Data Ingest per Source for Palo Alto Firewalls in Cortex XDR

I do not think this is in the correct Board, but I could not find a Cortex XDR channel. First time posting so I am sure I missed it. I have Cortex XDR and we are trying to see what firewall is sending the largest amount of data by GB Ingest. We are using the collection integrations, NGFW, Panorama Managed. We have 8 firewall pairs that are s...

BH6678 by L0 Member
  • 2308 Views
  • 2 replies
  • 0 Likes

Kernel Module is Disabled - Status STOPPED - help installing

I followed the instructions on the website, and there was a problem root@jordan-server:~/tmp# dpkg -i cortex-8.2.0.118335.deb Selecting previously unselected package cortex-agent. (Reading database ... 83347 files and directories currently installed.) Preparing to unpack cortex-8.2.0.118335.deb ... Active kernel LSM: lockdown,capability,landlock...

PWCMSS by L1 Bithead
  • 4429 Views
  • 4 replies
  • 0 Likes

Resolved! Where is agent v8.5???

Hello all experts, From Agent Release below, v8.5 supposed to be released by 30Jun2024. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Agent-Releases/Cortex-XDR-Agent-Releases However, 8.5 was not shown from the pull down menu when creating new Agent installation package. Any ideas? Thx, SdG Cortex XDR #XDRagent


XDR agent was successfully installed on CentOS, but it is visible on endpoints all endpoints

XDR agent was successfully installed on CentOS, but I saw it on endpoints all endpoints. I checked the installation logs to ensure that it was installed successfully. The XDR agent communicates through the broker VM, and their communication is also normal. The only special thing is that the broker reported an error, but there were no issues w...

QZhang5 by L0 Member
  • 1108 Views
  • 1 reply
  • 1 Like