Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Create a ".bat" file for installing XDR on Windows machines

Dear Team, The customer is trying to deploy the XDR agent on multiple Windows devices through the SCCM tool, but first, he wants to create a .bat file format of the agent to push installation through the centralized tool. Can anyone help me on how I can achieve this? Thanks in advance! **************** WR, Sayooj Dinan

Is Cortex XDR capable of DLP?

Hi, I have a doubt about Cortex XDR. That is, my entity has Cortex XDR implemented, but I have to know if XDR has a DLP capability. Can I use XDR for DLP? Regards, Salivan

salivan by L0 Member
  • 3290 Views
  • 1 replies
  • 0 Likes

XDR Capability

Hi All, Does XDR have the below capabilities: Network traffic analysis, Digital Forensic capability? I know it has DF with the Pro license; I just wanted to know more about it. Also, can we just click on it and enable it on the license page, or does it require any configuration changes from the infra perspective? Regards, Shahwaz

How to use XQL to search for cloud inventory assets?

Does anyone know which dataset is used for cloud inventory? I can't seem to find the dataset meant for cloud inventory, specifically for AWS. Does anyone know if this is even available for XQL searches? Also, I can't seem to have the asset widget for managed/unmanaged assets available for use. Thank you!

DLee35 by L0 Member
  • 879 Views
  • 1 replies
  • 0 Likes

Resolved! Vulnerability Assessment - How does it work?

Hello, I'm trying to figure out how the vulnerability assessment (VA) feature works since I've got so many false positives. I've checked the documentation but it's not clear enough for me. For Windows, does VA look for installed KBs? If the KB is not found, does it show the CVEs linked to this KB? What if the KB is included in another one? Or...

XQL to detect the ScreenConnect Client in response to CVE-2024-1709 and CVE-2024-1708

On February 19th ConnectWise released a security bulletin and update for their ScreenConnect software. https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 On February 20th ConnectWise announced that exploitation had been seen in the wild. At least one proof of concept was available at 6:27 AM UTC Feb 21...

Issue with Cortex XDR Windows Portable Device Policy Not Working

Hi community, We have assigned the Windows Portable Device block policy to some endpoints. However, we have observed that USBs are still accessible on those machines. For future troubleshooting, we need to verify whether the policy is correctly assigned and whether the endpoints are properly connected. Could you please provide guidance on ho...

XQL newbie

Hello everyone. We recently upgraded to Pro and this XQL stuff looks like an entirely different language to me still. I need some help if possible in getting started. I'm looking to build two queries. 1) I need to go through our AD infrastructure (CIE up and running) and find which devices do not have Cortex XDR currently installed as well as ...

CraigV123 by L3 Networker
  • 1780 Views
  • 2 replies
  • 0 Likes

Unconventional GP upgrade through XDR action script - works, but could use optimization.

I have a script to silently upgrade GlobalProtect clients to 6.2.2 using an MSI, while avoiding disconnecting active users and reboots. It's simple and it works, but I'm looking to improve it by having the successful upgrade status or the reason for failure reported instead of just getting the success of the script. Also, if the agent doesn't upgrade, I'...

cyvrlpc.sys caused BSODs on Windows 10 after update

Hi all, some of the users reported a BSOD after updating their Win10 endpoints. I'm thinking this might be due to the incompatibility between the driver and the newest OS updates or something similar (looking into the stop code). Stop code: DRIVER_IRQL_NOT_LESS_OR_EQUAL. What failed: cyvrlpc.sys. The endpoints are on the latest Cortex XDR agent version...


Cortex XDR missing powershell logging

I'm doing some PowerShell detection testing and I noticed that when I open the PowerShell GUI in Windows and run the command below, it doesn't trigger a PowerShell detection. However, when I add powershell in front of the command it does trigger an event. I'm pretty sure this wasn't always the case. Curious to see if this is expected behavior or s...

Slow Dashboard in Cortex XDR Version 3.9

Hi Community! Our tenant was recently updated to XDR version 3.9 and since then the main dashboard seems to be much slower and unresponsive. Anyone else in the community experiencing this? I have been testing using Edge and Chrome; the quick launcher is very laggy, along with general slowness on loading. Thoughts?

Resolved! Windows Event Collector

Hello, I want to activate the Windows Event Collector on my system. I am looking at the documentation: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Activate-the-Windows-Event-Collector?tocId=JKwlSDeDaqpS9R1bOJdayg What I do not understand is whether I need to do all these steps on the domain controller. O...
