Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

jusched.exe flagged as Threat by Behavioural Threat Protection

We are flooded by alerts from jusched.exe being flagged as Threat by Behavioural Threat Protection.

Are exclusions the only way out to resolve?

XDR AV Scan Alerts/Incidents

Hello Team,

During AV scan, everytime we are recieving cache file is detected from the different hosts and filename and Hash is same. The file verdict is Benign.

Help me how can I address this file. As it is a temporary file.

Your Cortex Data Lake integration with Cortex XDR is about to expire

We received a Cortex XDR email with the message:

"Your Cortex Data Lake integration with Cortex XDR is about to expire. To avoid any data loss, it is recommended that you copy your device configurations directly into Cortex XDR"

There was also a si

...

Cortex Data Lake integration with XDR Expiration.JPG

Cortex XDR Error Pop-Up in Mac

Hello Team,

We have already granted full disk permissions in macOS for Cortex XDR. However, we are still encountering the following popup:

The popup continues to reappear on the machine.

Not able to define new uninstall password

Our XDR agent uninstall password suddenly became unusable. So i figured i would go in and set a new one. Turns out it won't allow me to set a new password. It says: "Does not meet the requirements".

I have set the password to be 20 charachters, i hav

...

Resolved! Filters in the custom dashboard

Dear Community,

Currently in Cortex XDR 3.8, there are new updates in the dashboard.

According to the official documentation below, you can configure filters and inputs in the custom dashboard.
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/

...

Cortex XDR Error Pop-Up in Mac

Hi Team,

We have already granted full disk permissions in macOS for Cortex XDR. However, we are still encountering the following popup:

The popup continues to reappear on the machine.

We are planning to do the following for the migration, can you pls validate if this is gonna work or not-

- We will import the configuration to new broker
- This will shutdown the old broker
- Since we have 2 BVM , we should not have any conn

...

Resolved! SQL Server Best Practices

Hello.

I am looking for configuration best practices for agent config, exclusions/exceptions for MS SQL. I am new to XDR but I know in similar products it's normal to exclude the database files from live scanning, etc and I can't seem to find any doc

...

Dashboard creation for device temporary exceptions

I'm trying to create a dashboard with all temporary exceptions, but I can't find the database where the "Device Temporary Exceptions" is located.

Can someone help me

Resolved! Combine dataset of File Path XDR-dataset and PANNGFW

Hi Expert ,

I would like to know how to combine or join dataset between XDR-data and PANNGFW I make xql of PANNGFW when found, alert wildfire or antivirus will show file-sha256 by the way I want to combine dataset of xdr-agent to find file-path t

...

Mac offline scan

We have a mac that we suspect may be compromised. We would like to run a scan with the device offline and not connected to our network.

How would we go about doing this?

Unable to update cortex to latest version

When i try to update the cortex version 8.1.1.43337 version, I got the attached error. I try to update from 7.9.1 version.

Resolved! XQL converting Bytes to MB or GB

Hey!

I was just wondering if anyone knows of a way to get the total download/upload to show in MB or GB rather than bytes through an XQL queries' output?

XQL Query

dataset = xdr_data // Using the xdr dataset
| filter event_type = ENUM.NETWORK // Filt

...

XDR agent on ... failed to communicate to the server via proxy

Hello,

I am a bit confused by the information in logs when an XDR enpoint is connected to a BrokerVM.

It appears that for some connexions issues, endpoints are not communicating anymore with the BrokerVM:

XDR agent on ... failed to communicate to

...

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

jusched.exe flagged as Threat by Behavioural Threat Protection

XDR AV Scan Alerts/Incidents

Your Cortex Data Lake integration with Cortex XDR is about to expire

Cortex XDR Error Pop-Up in Mac

Not able to define new uninstall password

Resolved! Filters in the custom dashboard

Cortex XDR Error Pop-Up in Mac

Resolved! Broker VM migration

Resolved! SQL Server Best Practices

Dashboard creation for device temporary exceptions

Resolved! Combine dataset of File Path XDR-dataset and PANNGFW

Mac offline scan

Unable to update cortex to latest version

Resolved! XQL converting Bytes to MB or GB

XDR agent on ... failed to communicate to the server via proxy

Rare Login Query Not Working

Help with fine tuning a query using $arguments and enclosing them in "quotes"

Details regarding %PROGRAMDATA%\Cyvera\ folders

How to check powershell version at cortex XDR

Cortex VM Broker SNMP monitoring

Re: Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Re: Cortex XDR Get Incident API function 'hosts':None

Re: Rare Login Query Not Working

Re: How to check powershell version at cortex XDR

Re: Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Unlock your full community experience!

Rules and Best Practices

Resolved! Filters in the custom dashboard

Resolved! Broker VM migration

Resolved! SQL Server Best Practices

Resolved! Combine dataset of File Path XDR-dataset and PANNGFW

Resolved! XQL converting Bytes to MB or GB