Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Resolved! Lincense consumption details

Hi All,

 

Is it possible to see the endpoints that are actually consuming the license, I mean the exact count that is shown in License windows (image attached)? If there are any queries to get that then pls share.

 

Thanks

Shahwaz

Tampering attempt of the XDR agent

Hello, everyone

 

I found an event called "Tampering attempt of the XDR agent" that was blocked by XDR.
For a description of this event, I tried to see if there was one in the Cortex XDR Analytics Alert Reference, but I couldn't find it.

Details of in

...

yuyangab_0-1691462650614.png
yuyangab_1-1691462656598.png
yuyangab by L1 Bithead
  • 2445 Views
  • 3 replies
  • 0 Likes

Firewall Rule Cortex XDR

Hello, I want to ask, I created a rule for blocking connections via port 139 as shown in the attached image. But why is it that when I test the connection to port 139 it still works and isn't blocked?

Screenshot_123.png

Resolved! Assign endpoint tag with YAML installer

Hi everyone

 

Is there a possible way to assign an endpoint tag during agent installation on Kubernetes with YAML installer?

The PANW documentation about Kubernetes agent is very poor. 

 

Thanks & best regards

Rocky-25 by L2 Linker
  • 888 Views
  • 1 replies
  • 0 Likes

Resolved! Temporary exception in "Allow list"?

Hello, is it possible to set a temporary exception in "Allow list"?
When you want to make an exception but for a limited time; until an identified date.
Once this date has passed, the rule would be automatically deactivated...

 

Resolved! strange files: malware?

a random dir /a on a VM that seemed to be struggling produced a list of unexpected files:

07/09/2023 09:28 PM 20,000 ZZZZZ2852017353.doc 07/21/2023 10:10 PM 50,240 !!!!!2729304900.doc 07/21/2023 09:34 PM 3,000,000 XOR...

kindzma_0-1691085067489.png
kindzma by L2 Linker
  • 6884 Views
  • 12 replies
  • 0 Likes

Resolved! RDPStealer Does Cortex XDR Pro cover this ?

Hello dear LIVEcommunity!

 

someone know if Cortex XDR pro cover this attack?

RDPStrealer is a stealer that allows attackers to obtain the user's login credentials when trying to contact other machines, thus ensuring their persistence on the network b

...

tlmarques by L3 Networker
  • 1496 Views
  • 4 replies
  • 0 Likes

File Disapper

We are using Coretex Paloalto XDR. From yesterday, in one of our application servers, the web.config file automatically disappears. We checked the incedent logs in XDR but no incedent or log found. it happened twice from yesterday .

Regards

Ram 

  • 2027 Posts
  • 81 Subscriptions
Top Solution Authors