Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Dear All,
I wanted to create a widget to display the details of Linux Operation Mode, can someone help me how I can start with, I am still a rookie in XQL Query.
TIA
Hello XDR Enthusiasts,
I am working with multiple XDR Tenants and would like to block a file/process based on conditions. I understand that you can use the Prevention features to block files based on a block/black list. This can also be configured on
...
Hi,
I need to create an alert everytime asset with tag critical has no xdr agent installed, it is outdated, disabled or disconected.
Regards,
Fábio
How fast are these CVEs being updated?
This one is missing in our list:
https://nvd.nist.gov/vuln/detail/CVE-2023-23415
BR
Rob
We have 2 Cortex tenants with a total of about 600 users. We encountered an issue where Outlook 365 will show "Needs password" and will not connect to Office 365 to sync. The only way to get it to sync is to stop the Cortex service. Once Outlook conn
...
In our environment we are using Cortex XDR. We are at the point where we want to start looking at maybe installing this on non-persistent virtual desktops. I found the documentation that talks about how to install on the master image but there was al
...
also how to get visibility into the browser extensions used through Cortex XDR ?
There is one Top 10 Incidents widget provided in Dashboard builder which provides list of top incidents in last 24 hrs only, can anyone help me how to get data for last 30 days. Cortex XDR
Hi,
I need to create a brute force rule.
When endpoints with tag "CRITICAL" has "action_evtlog_description = An account failed to log on" and has more than 50 logs, create a CRITICAL alert.
Could you help pls.
Regards,
Hello -
On step 16 of Add a New Malware Security Profile (Prevent), there is a note:
We recommend that you disable scheduled scanning. VDI machine scans are based on the golden image and additional files will be examined upon execution.
I'm assum
...
Hello Team,
Hi,
I need to get failed logins from critical assets.
So I was trying to get tag "CRITICAL" in endpoints dataset and if there are any "event_type = ENUM.EVENT_LOG and action_evtlog_event_id = 4625 in xdr_data dataset.
Could you help pls
We are facing trouble installing Cortex xdr on one of the LInux server nor able to geenrate logs.
Attaching error picture for reference.
Hello,
There is an issue with one of the BIOC rules provided by Palo Alto. Specifically in the rule with Global ID "94fed992-c1da-4b69-9caa-292221b8c070".
The wildcards for the command line arguments that this rule intents to detect, are off. To be p
...
Hello,
I'm trying to connect an integration with our Cortex XDR for retrieving a file and its details. The only endpoint I see in the API docs that reference this action is the File Retrieval Details which uses the group_action_id from a different
...
