Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 288 Views
  • 0 replies
  • 2 Likes

Resolved! Cortex XDR

We have configured checkpoint firewall CEF log forwarding to Cortex XDR. Please provide a sample field for CEF-formatted logs.

CORTEX XDR - Best practices

Hi everyone !

 

I'm a beginner on CORTEX XDR, and need some help for 2 things !

 

- First, my client want to know if it's possible to schedule a Malware Scan based on the CPU use. I mean, they have around 500 computers, which are used in so many differen

...

MxC604 by L0 Member
  • 2286 Views
  • 1 replies
  • 0 Likes

Resolved! XQL datasets

Is there a comprehensive document containing all the datasets that are currently available? We've noticed that datasets such as "incidents_artifacts" or "incidents" are not displayed in the autofill text in XQL. We would greatly appreciate having a c

...

Allow based on certifcate issuer?

We are currently having an issue with our database disk images being blocked that are set on rotation cycles. The file name and the hash changes incrementally. All our disk images are signed, using a certificate by the issuer; this was used previousl

...

Resolved! Response Action

There is an option Response Action under agent configuration, which means we can allow access to a certain application in case the endpoint is isolated.

 

Which application access should ideally be provided in it.

 

Thanks

Resolved! Yara Rules and Cortex XDR

I have seen alerts screenshot on internet where an alert triggered after matching a Yara rules.

 

https://attackevals.mitre-engenuity.org/enterprise/participants/paloaltonetworks?adversary=carbanak-fin7&view=results&scenario=1

(Fourth Screenshot)

 

Does C

...

KanwarSingh01_1-1648928772751.png
KanwarSingh01_0-1648928403368.png

Resolved! XQL Command Line Help

All,

Trying to write a XQL query to search for this Windows command line when executed. Can anyone tell me how to distinguish the command line parameters "domain computers" in XQL? Thanks.

 

actor_process_command_line = "%systemroot%\system32\net.exe

...

Resolved! Cortex XDR malware scan

Hello ,

 

Does anyone know the difference between the Malware scan initiated from console and Scan initiated by user locally for all drive? Does cortex XDR also scans the memory and registries in the full scan initiated? and how long it should take a

...

  • 2156 Posts
  • 83 Subscriptions
Top Solution Authors
Top Liked Authors