This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4321 Views
  • 0 replies
  • 3 Likes

Long Malware Scan time, normal?

hello all experts, I have encountered a long scanning time, i launched a malware scan from console to isolated endpoint, the job was created at 15:30 and finished by 05:30 by next day. Guessing when the job was created, either the agent was disconnected/fail to sync/the server failed (through websocket) to connect to agent/scan was finishe...

Cortex XDR trap agent unable to connect the console

Hello! I got into a trouble with linux oracle and redhat, the trap agent was installed successfully, the agent is activate, broker_vm defined as proxy and it connected, in the console the endpoints were visible (even in the endpoint description also shown the configure proxy address) but the state is in disconnected and also I cant generate the ...

Resolved! Changing Broker VM's internal network subnet

Hi all Is there a way to change the internal network subnet through other means other than the webui? The default 172.17.0.1/16 collides with the network this broker vm is on. We are having trouble accessing the webui but somehow we can ssh in. Wanted to rule out the IP conflict issue before trying other things. Thanks Tum

tmeksik by L2 Linker
  • 2582 Views
  • 1 replies
  • 0 Likes

BIOC Rule - CGO V/S Actor_process_image_name

Hi I wanted to understand, if i want to see certain cmdline activities from "x" Process. Want to know what will be more efficient putting the "x" process in "Causality_actor_process_image_name" or in "actor_process_image" while creating a BIOC

meanmach by L1 Bithead
  • 2637 Views
  • 2 replies
  • 0 Likes

Proofpoint TAP Integration - XQL Query Help

Has anyone worked with PP TAP integration and creating any useful XQL queries to help identify potential malicious mail that a user interacts with? As example:Email was not determined "bad" initially but after some sandbox from PP, it is later classified as "bad" and is blocked. Before that scenario took place, there is potential for one or mo...

XDR Agent Conenction Status : Connection Lost

Hello guys! I was thinking about what happens to Cortex XDR agent showing connection status as Connection Lost . I know XDR agent who failed to communicate to Management console for past 30 days would go to connection lost. My doubt is if XDR agent status found to be connection lost , still it will provide protection to endpoints? I know it ...

HELP - XQL QUERY For XDR and XSOAR

Hi, I am creating a playbook with the objective of integrating Cortex XSOAR and Cortex XDR . The idea is for Cortex XSOAR to query Cortex XDR , retrieve all the assets detected by the broker scanner, and verify which assets do or do not have the XDR agent. Does anyone know if this is possible? My idea is to use both solutions to achieve as...

tlmarques by L4 Transporter
  • 3681 Views
  • 4 replies
  • 0 Likes

Cortex XDR

Hello, Is there any possibility that the customer may utilize Cortex XDR agent in two domains, taking into account that first one has tenant id, the other doesn't? Thank you in advance.

Cortex XDR Agent Service Get Stopped.

Hello Guys! Just wanted a clarification that once the Cortex XDR agent service : cyserver.exe get stopped due to any reason. 1.How the system service restarts again ? 2. How many or frequency of heartbeats does cortex xdr agent send to Cortex XDR (Cloud) to restart the cortex XDR agent Service ? 3. From Documentation , it is mentioned "The Co...

  • 2585 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks