Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4332 Views
  • 0 replies
  • 3 Likes

Data Ingest per Source for Palo Alto Firewalls in Cortex XDR

I do not think this is in the correct Board, but I could not find a Cortex XDR channel. First time posting so I am sure I missed it. I have Cortex XDR and we are trying to see what firewall is sending the largest amount of data by GB Ingest. We are using the collection integrations, NGFW, Panorama Managed. We have 8 firewall pairs that are s...

BH6678 by L0 Member
  • 2319 Views
  • 2 replies
  • 0 Likes

Kernel Module is Disabled - Status STOPPED - help installing

I followed the instructions on the website, and there was a problem root@jordan-server:~/tmp# dpkg -i cortex-8.2.0.118335.deb Selecting previously unselected package cortex-agent. (Reading database ... 83347 files and directories currently installed.) Preparing to unpack cortex-8.2.0.118335.deb ... Active kernel LSM: lockdown,capability,landlock...

PWCMSS by L1 Bithead
  • 4447 Views
  • 4 replies
  • 0 Likes

Resolved! Where is agent v8.5???

Hello all experts, From Agent Release below, v8.5 supposed to be released by 30Jun2024. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Agent-Releases/Cortex-XDR-Agent-Releases However, 8.5 was not shown from the pull down menu when creating new Agent installation package. Any ideas? Thx, SdG Cortex XDR #XDRagent

XDR agent was successfully installed on CentOS, but it is visible on endpoints all endpoints

XDR agent was successfully installed on CentOS, but I saw it on endpoints all endpoints. I checked the installation logs to ensure that it was installed successfully. The XDR agent communicates through the broker VM, and their communication is also normal. The only special thing is that the broker reported an error, but there were no issues w...

QZhang5 by L0 Member
  • 1113 Views
  • 1 replies
  • 1 Likes

Cortex XDR DNS Collectors

Hi community, I have a query regarding Cortex XDR collectors. When installing collectors on the local DOM servers, what types of logs does the Cortex XDR console retrieve? How can these logs help with the investigation of incidents?

Resolved! Cortex XDR agent's CE versions missing from the list & version downgrading

Hi team, 2 questions but related here: 1) We need to downgrade from 8.4.x to 8.3 CE. Is it possible to just install a CE over the existing 8.4.x? Or is an uninstall required...? 2) Is there any reason why I can't see a CE version listed (screenshot attached)? Expected there to be 8.3.100.52566 [CE]... Thanks Tum

tmeksik by L2 Linker
  • 4078 Views
  • 4 replies
  • 0 Likes

Move Cortex XDR agent from one tenant to another (and back)

When we move an agent to a new management server, what would happen to the logs and telemetries we have on the old tenant? Would they be retained as per the usual policy or would they just get purged? Also if we then move it back to the old tenant, would it appear like the logs/telemetries just have some gaps while the agent was away from the ...

tmeksik by L2 Linker
  • 2526 Views
  • 3 replies
  • 0 Likes

Upgrade agent failed

I have encountered the following issue of failed agent upgrade on a Windows laptop, showing the following message: XDR Agent failed to upgrade from version 8.4.0.51691 to version 8.5.0.624 on LAPTOP-xxxxxxx with error: Windows Installer DB: Current agent registration is missing. Anyone has experienced this as well? How can I solve the issue ...

BIOC RULE Creation - Workstation IP changed

Hi, How we can monitor the scenario like, when a cortex connected workstation's IP address change? Whether it is possible to create a rule/bioc in cortex xdr for monitoring the above mentioned scenario ? Cortex XDR Cortex Data Lake Thanks Christy

Christy7 by L0 Member
  • 963 Views
  • 1 replies
  • 0 Likes

GPU passthrough in VM (hyper-v) gets roll back automatically

I am using Hyper-v VM's on windows 2019 server After automatic deployment (not managed by me) of Cortex XDR agent version 8.4.0 on that server Assigning GPU's from host to the VM's getting roll back automatically within seconds in front of my eyes (in the VM device manager) I can't find any relevant Error in the Event viewer and I don't have...

orenvin by L0 Member
  • 1029 Views
  • 1 replies
  • 0 Likes

Resolved! Customize the Endpoint Isolation message

Hello once again, Does anyone know if it is possible to customize the message that is sent to the endpoint when it is isolated? Currently XDR just displays a message for 5 seconds that says 'The Cortex XDR agent has stopped network access on your device.' (screenshot attached) The use case is to let the endpoint user know where to call for fu...

Email Alerts

The alerts we receive in email are detailed with a code box that can be very long and difficult to read, especially through a mobile device. Are there options to make these alerts more user and mobile friendly?

TGroleau by L0 Member
  • 1241 Views
  • 3 replies
  • 0 Likes

XQL query for browsers installed or in usage on host + Host_name.

Hi, I need to find which browsers the users are using for daily tasks. I'm looking for an XQL query for browsers installed or browsers in usage by the user + hostname. The date that the app was installed and the version are not so important as long as I get the browser name or vendor like Chrome, Firefox etc. I can provide browsers list to search for or any o...

XDR Agent Stop 8.3.0

Hi, I would like to know if anyone has experienced this problem. Sometimes, without any apparent reason, the Cortex XDR Agent version 8.3.0 stops responding on Windows Server 2016 servers. When we check the services, the service is stopped. We restart it, force the communication, and everything works fine. Sometimes, we need to reboot the server to start...

tlmarques by L4 Transporter
  • 1821 Views
  • 2 replies
  • 0 Likes
  • 2593 Posts
  • 97 Subscriptions