Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
I am aware that Cortex XDR Agent can monitor traffic leaving WSL in the same way that it does with VMware or other virtualisation platforms, with the WSL processes being a source of activity onto the Windows system which is monitored, but the internal
...
Hi,
We want to write a logic to detect if there have been X number of file renames in Y time for a particular system
Please let me know what is the way to achieve the same?
Hello everybody.
If you have any doubts about the community's help story: my Cortex agent is installed on my Windows servers but often consumes a lot of CPU and memory resources on my VMs, which ends up creating many alerts in my monitoring. I would
Dear All,
Do you know why, after the content updated, the Task Manager cannot be opened?
"ruleId": "bioc.masqueraded_process_msft",
"fileIdx": 0,
"modules": [],
"profile": "Malware",
"sockets"
Looking for help. I would like to come up with a query to find all new applications installed compared to last month's inventory.
The logic would be what new application/software have been installed on the hosts this month.
Dear all,
I'm planning to deploy Cortex XDR on my DC, but I don't see the integrated options for MS Teams.
Could I know whether or not I can send alerts from Cortex XDR via MS Teams?
We noticed that the global uninstall password set last year at the end of May no longer works; in the Management Audit Logs there are no other events "Agent global uninstall password updated".
Can it expire? Or be changed without generating an even
...
Hello everyone, I'm attempting to extract fields from DHCP logs but encounter an error stating, "Your query failed to run as it's invalid." My regex code works correctly on regex101 and CyberChef. Does anyone have any insights on how to troubleshoot
...
With the continual growth and development of ARM in the Windows sector there is a clear demand for a Cortex XDR Agent for Windows on ARM. This also impacts virtualisation on Macs and other devices with ARM processors.
Is there a roadmap for considera
Hello Team,
We are getting multiple alerts for BIOC analytics and XDR analytics right now; as checked on the console, there is no option visible to add an exception/exclusion for this alert.
Can someone please guide us on how we can create an exception/exclusi
...
Hello,
Looking to set up FIM using the Cortex XDR agent and from what I have found so far, it seems unsupported. Has anyone set up FIM using any method?
The only possible option I have found so far is maybe using an auditbeat with the FIM module:
...
Hi Team,
Recently I got a warning message in cortex saying that "Some of your endpoints have policies without Certificate Enforcement enabled". And by checking it further I could see that, this is to increase protection on the agent's communication
...
Hello peers,
I tried installing Cortex XDR agent v8.1.x earlier and v8.2.x recently - the Setup Wizard ends prematurely because of some error not presented in detail.
Alternatively, I could install a previous version and then upgrade to the latest.
...
I am using the DeTTeCT approach to assessing our coverage against ATT&CK: GitHub - rabobank-cdc/DeTTECT: Detect Tactics, Techniques & Combat Threats. In this approach, you need to start with a set of yaml files that have your datasources and detectio
...