Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4435 Views
  • 0 replies
  • 3 Likes

How to count endpoint ACTUAL ACTIVITY by SQL query

Dears, "ACTUAL ACTIVITY" graph under user card page in XDR is very amazing feature show the duration of user working hours. Unfortunately, the time was not specified with exact minuets. My management asks me a very accurate duration of how many hours the user was actively working last month to calculate his overtime. Would you help me with SQ...

SAlasker by L0 Member
  • 1997 Views
  • 1 replies
  • 1 Likes

Cortex XDR CE version

How to know if Cortex XDR version is CE. Will it show on the table when I go to Endpoints ----> All Endpoints and on the Agent Version Field it should have for example 7.9.102CE, if it shows 7.9.102 only then it is a standard version? Thank you.

Cortex XDR Broker VM internal communication.

Hi Team, I have a query regarding the installation of the Broker VM in our organization. We have successfully installed it internally. However, when we tried to access the URL https://<brokervm-ip>:4443 internally, it failed. After whitelisting the Palo Alto domain URLs, we were able to successfully access the URL https://<brokervm-ip&g...

Thank you!

Hello dear community! Thank you all readers and writers for the huge content of help and useful information in this livecommunity! And also thank you for your valuable time! BR Rob

RFeyertag by L4 Transporter
  • 1007 Views
  • 1 replies
  • 1 Likes

Filter over 100 CIDR

Hello, I have an XQL query and I need IPs to be displayed if they are in some CIDR. I know about the incidr command and the documentation says we can use it with multiple CIDR if we use coma to separate them. Example : filter incidr(ip_address, "192.168.0.0/24, 1.168.0.0/24") = true It doesn't work at all (I tried with 2 CIDR, I have an empty...

XQL : Need help with json_extract

Dear Community, I was trying to use the json_extract to extract the value of "RuleActions" and have no success so far.Sample data: {"RuleOperation":"AddMailboxRule","RuleId":"0","RuleState":"Enabled, ExitAfterExecution","RuleCondition":"{(SubString IgnoreCase(SubjectProperty)=ABC Communication)}","RuleName":"ABC Communication","RuleProvider":"Ru...

How to escape the "\" escape character itself?

Dear community, I'm trying to use the replace command in XQL to replace the "\" escape character and have so success. When I tried with the double slash \\, the XQL will raise syntax error. | alter test2 = replace(to_json_string(data), "\\", "") Sample data: ["{\"ActionType\":\"Forward\",\"Recipients\":[\"[email protected]\"],\"ForwardFlags\":...

Pulling an inventory of Chrome Browser Extensions

Hi, I am looking to gather a list of all installed chrome extensions in our environment. I created a simple query to pull any .crx files out of the Chrome extensions file path but the results seem not quite accurate. Was wondering if anyone had a query or way of obtaining this information already? Thanks

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case? Cortex XDR

  • 2624 Posts
  • 98 Subscriptions
Top Solution Authors
Top Liked Authors