This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4396 Views
  • 0 replies
  • 3 Likes

Pulling an inventory of Chrome Browser Extensions

Hi, I am looking to gather a list of all installed chrome extensions in our environment. I created a simple query to pull any .crx files out of the Chrome extensions file path but the results seem not quite accurate. Was wondering if anyone had a query or way of obtaining this information already? Thanks

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case? Cortex XDR

Running an XQL Scheduled Report Email If a Result is Found

Hello, I have a working XQL query that deals with Host Connectivity. Can I configure this to run as a scheduled report and only if there are results the report can be sent by email? I do not want to receive empty reports. Can this be done in XQL or on the Report side of things? Many thanks, Michael Sysec Cortex XDR

Data Ingest per Source for Palo Alto Firewalls in Cortex XDR

I do not think this is in the correct Board, but I could not find a Cortex XDR channel.. First time posting so I am sure I missed it. I have Cortex XDR and we are trying to see what firewall is sending the largest amount of data by GB Ingest. We are using the collection integrations, NGFW, Panorama Managed. We have 8 firewall pairs that are s...

BH6678 by L0 Member
  • 2517 Views
  • 2 replies
  • 0 Likes

Kernel Module is Disabled - Status STOPPED - help installing

I followed the instructions on the website,and there was a problem root@jordan-server:~/tmp# dpkg -i cortex-8.2.0.118335.deb Selecting previously unselected package cortex-agent. (Reading database ... 83347 files and directories currently installed.) Preparing to unpack cortex-8.2.0.118335.deb ... Active kernel LSM: lockdown,capability,landlock...

PWCMSS_0-1720763075599.png
PWCMSS by L1 Bithead
  • 4846 Views
  • 4 replies
  • 0 Likes

Resolved! Where is agent v8.5???

Hello all experts, From Agent Release below, v8.5 supposed to be released by 30Jun2024. https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Agent-Releases/Cortex-XDR-Agent-Releases However, 8.5 was not shown from the pull down menu when creating new Agent installation package. Any ideas? Thx, SdG Cortex XDR #XDRagent

SeanDeHarris_0-1721011286748.png

XDR agent was successfully installed on CentOS, but it is visible on endpoints all endpoints

XDR agent was successfully installed on CentOS, but I saw it on endpoints all endpoints. I checked the installation logs to ensure that it was installed successfully. The XDR agent communicates through the broker VM, and their communication is also normal. The only special thing is that the broker reported an error, but there were no issues w...

QZhang5_0-1720769723494.png
QZhang5_1-1720769850782.png
QZhang5_2-1720769873209.png
QZhang5_3-1720770063544.png
QZhang5 by L0 Member
  • 1163 Views
  • 1 replies
  • 1 Likes

Cortex XDR DNS Collectors

Hi community, I have a query regarding Cortex XDR collectors. When installing collectors on the local DOM servers, what types of logs does the Cortex XDR console retrieve? How can these logs help with the investigation of incidents?

Resolved! Cortex XDR agent's CE versions missing from the list & version downgrading

Hi team 2 questions but related here: 1) We need to downgrade from 8.4.x to 8.3 CE. Is this possible to just installer a CE over the existing 8.4.x? Or an uninstall is required...?2) Is there any reason why I can't see a CE version listed (screenshot attached)? Expected there to be 8.3.100.52566 [CE]... Thanks Tum

tmeksik by L2 Linker
  • 4255 Views
  • 4 replies
  • 0 Likes

Move Cortex XDR agent from one tenant to another (and back)

When we move an agent to a new management server, what would happen to the logs and telemetries we have on the old tenant? Would they be retained as per the usual policy or would they just get purged? Also if we then move it back to the old tenant, would it appear like the logs/telemetries just have some gaps while the agent was away from the ...

tmeksik by L2 Linker
  • 2641 Views
  • 3 replies
  • 0 Likes

Upgrade agent failed

I have encountered the following issue of failed agent upgrade on a Windows laptop, showing the following message: XDR Agent failed to upgrade from version 8.4.0.51691 to version 8.5.0.624 on LAPTOP-xxxxxxx with error: Windows Installer DB: Current agent registration is missing. Anyone has experienced this as well? How can I solve the issue ...

BIOC RULE Creation - Workstation IP changed

Hi, How we can monitor the scenario like, when a cortex connected workstation's IP address change? Whether it is possible to create a rule/bioc in cortex xdr for monitoring the above mentioned scenario ? Cortex XDR Cortex Data Lake Thanks Christy

Christy7 by L0 Member
  • 1001 Views
  • 1 replies
  • 0 Likes

GPU passthrough in VM (hyper-v) gets roll back automatically

I am using Hyper-v VM's on windows 2019 server After automatic deployment (not managed by me) of Cortex XDR agent version 8.4.0 on that server Assigning GPU's from host to the VM's getting roll back automatically within seconds in front of my eyes (in the VM device manager) I can't find any relevant Error in the Event viewer and I don't have...

orenvin by L0 Member
  • 1079 Views
  • 1 replies
  • 0 Likes

Resolved! Customize the Endpoint Isolation message

Hello once again, Does anyone know if it is possible to customize the message that is sent to the endpoint when it is isolated?Currently XDR just displays a message for 5 seconds that says 'The Cortex XDR agent has stopped network access on your device.' (screenshot attached) The use case is to let the endpoint user know where to call for fu...

  • 2611 Posts
  • 98 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks