This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4320 Views
  • 0 replies
  • 3 Likes

XQL Query - File Delete Action

Hi, Please may i know if anyone may have the issue i encounter since early May 2024? 1. Delete a folder (100+ files) from specific endpoint (right click mouse and select delete) 2. From Cortex XDR Query Builder - File Query and Select Action = Delete - filter the particular endpoint hostname/ip The query no longer returns the file delete/file r...

XDR Query Builder

Hi, I'm trying to use Query Builder but unable to get any results. see also attached screenshot. But when I perform a XQL search with query "dataset = endpoints" it gives me results. What should be done so I can use the Query Builder? thanks

Cortex on iPhone

Hi everyone, I have a few questions: I installed the Cortex app on my iPhone and allowed all the required permissions, but every time I close the app (swipe up), it stops working. The Cortex app is terminated, and the agent is not running. Is there a way to make the app continue working even when it is closed? In the "Modules" section, under...

Tag based widgets in Cortex XDR?

Hi all, We've started using Cortex XDR this year, and I currently see some limitations on the reporting and dashboard module. We're using tags to keep track of our endpoint, and we are looking to create reports based on tags. Basic example, I want a vulnerability report based on endpoints with tags: <service A> and <service D>. Or a...

Hip Object

I have an mdm on my corporate smartphones, how do I add it to the hip object so that users can only access the internal network if they have the mdm installed?

Resolved! Any manual actions needed for new certificate enforcement?

With the announcement of certificate enforcement for Cortex XDR 8.3, I haven't seen any guidance on how to install or where to download the certificates that XDR agents will be using. The lack of information concerns me because I don't want to enable this setting and then have XDR break because the endpoints do not have the required certificate....

dgagnon by L1 Bithead
  • 4912 Views
  • 5 replies
  • 0 Likes

Cortex XDR API get_endpoints vs get_endpoint

Hello, I've been using python script to get all endpoints /public_api/v1/endpoints/get_endpoints (https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR-REST-API/Get-all-Endpoints). Recently there was another business requirement to get OS type of all endpoints and /public_api/v1/endpoints/get_endpoint seems to have more data and contain fiel...

Resolved! désinstallation cortex xdr 7.9 pour installer xdr cortex 8.3.1

Bonjour, je suis confronté à un pb de désinstallation de Cortex xdr 7.9.0.20664 , devant migrer en 8.3.1, j'ai lancé le XdrAgentCleaner 7.9.0.17288, a demandé le password de désinstallation, est bien passé puis a demandé de rebooter. J'ai fait la même desinstallation 3 fois avec reboot à chaque fois . J'ai tenté ensuite d'installer Cortex XDR 8....

Resolved! Looking for a XQL query to identify if a specific domain is accessed in our environment.

I have tried using the below XQL query to identify the domains accessed and tried to test it using my own system but somehow I am not getting all the results. For eg : when I tried common domain names like "google.com", "reddit.com". It worked and fetched results for me. When I tried to access a specific uncommon domain name like for eg : "https...

Report XQL Bitlocker

Hello, I created a report to display computers with Bitlocker that is not compliant : config case_sensitive = false | dataset = endpoints | filter encryption_status = ENUM.APPLYING or encryption_status = ENUM.NOT_COMPLIANT | filter endpoint_type = ENUM.TYPE_WORKSTATION | fields endpoint_name When I test with real data, for example, it report 1...

Parsing at Broker VM level

I'm using COLLECT parsing rule to manipulate data at broker VM level before ingestion Rule basically filters out on raw log that I generate specific to my test like some log line that contains text criticalevent along with some date and random machine name. [Collect: vendor="unknown", product="unknown", target_broker=(mybroker), no_hit=drop] fi...

Fm12345 by L2 Linker
  • 1506 Views
  • 1 replies
  • 0 Likes

Block APP

Dear, I want to block an application, I configured it to block by the process, but when changing the name of the executable it also changes the name of the service as shown in the images. Would I be able to block it by the name that appears in the task manager?

Future of Cortex XDR

Hello dear community, we all now the future of SOC is Cortex XSIAM. What will happen to Cortex XDR in the future? I didn't see any planned new KI implementations into XDR. If you have more informations, please let me know. BR Rob

RFeyertag by L4 Transporter
  • 1887 Views
  • 2 replies
  • 0 Likes
  • 2585 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks