Cortex XDR Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Does Cortex XDR run the Malware scan if the USB device is inserted into the endpoint?

Hi everyone,

Does Cortex XDR run the malware scan on the USB device immediately when it is inserted into the endpoint?

Agent Settings - Network Location Configuration

Hello dear community,

what use cases are there for the network Location Configuraiton and is there a simple documentation about this topic?

If there is a connection to the host firewall topic, we have a use case, because our laptops get a public i

...

Resolved! Upgrade XDR Agent

Hi,

We are trying to uninstall and install XDR on a Windows server but getting a prompt during uninstallation that reboot is required.

Will reboot be necessary after uninstallation?

Regards,

Shahwaz

Resolved! About XDR Cloud Compliance

Hello dear community,

We noticed a feature called Cloud Compliance on Cortex XDR, but we don't see any details.

What is this feature related to and from where to collect data?

Is there any documentation available about this feature since I couldn

...

Mobile Phone Device Restriction on MacOS

Hello all,

I am currently looking into creating a Device Restriction Policy in which I block a physical connection of a Mobile Phone to MacOS endpoint. Once blocked I would expect to receive an alert on the Device Policy Violation page. Is this poss

...

Red teaming tool detection by XDR

Can you confirm whether XDR can block "Brute Ratel C4" tool executing threats.

Resolved! Disappearing XDR Endpoints for iOS and Android

Hi There,

We've got the XDR Agent for mobile devices deployed in our environment for both Android and iOS.

I've noticed after some time these devices stop checking in with Cortex in the Endpoints dashboard.

The devices will first say 'disconnected'

...

Resolved! Cloud identity engine - Logs collection

Hi Community,

Good day!

We are unable to see the logs in the Cloud identity engine log viewers. if possible, Could you please suggest a way to get logs from the Directories?

Thanks in advance.

Cortex XDR Cloud Identity Cloud Identity Engine

...

Resolved! Cloud Identity engine - Application

Hi Community,

Good day!

In the cloud identity engine for an Azure directory, we have the option of application. In that application option its showing as Not Consented.

Could you please tell us why it shows like that and how to rectify the not

...

Showing Malware incident in the Dashboard

Hello, just want to showed the Malware incidents and the related-malware filename in the dashboard, what should i choose for the XQL.

thanks

no Cortex XDR integration in "security providers" in "security center" in Windows Server?

Palo Alto docs say this:

The Cortex XDR agent registers with the Windows Security Center as an official Antivirus (AV) software product. As a result, Windows shuts down Microsoft Defender on the endpoint automatically, except for endpoints that are

...

Download the freshly created xdr-distribution-file

Hello

I'm looking for an autmoatisation, where I'm able to download the freshly created xdr-distribution-file.
In my Playbook I've created following steps:

xdr-get-distribution-versions
xdr-create-distribution
xdr-get-distribution-url

Now, the last step

...

User details in XDR

Hi,

We can see user details are not getting captured in the XDR endpoints details, how does logged-in user details are captured?

Thanks

Resolved! Need help with XQL query to report deleted files

Dear Sir,

Please if anyone can help to advise the XQL query to create a custom report to capture the "File Delete" activities in one particular server?

I know we can create the same from Query Builder, but from Query Builder it will only return 10,00

...

Resolved! Cortex XDR 8.1 release

Hi,

I can see that Agent version 8.1 was released on 25 of June (https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Agent-Releases/Cortex-XDR-Agent-Releases) but I can't see it available on my portal. Could you tell me what have I misse

...

Discussions

Welcome to the Cortex XDR Discussions!

Rules and Best Practices

Does Cortex XDR run the Malware scan if the USB device is inserted into the endpoint?

Agent Settings - Network Location Configuration

Resolved! Upgrade XDR Agent

Resolved! About XDR Cloud Compliance

Mobile Phone Device Restriction on MacOS

Red teaming tool detection by XDR

Resolved! Disappearing XDR Endpoints for iOS and Android

Resolved! Cloud identity engine - Logs collection

Resolved! Cloud Identity engine - Application

Showing Malware incident in the Dashboard

no Cortex XDR integration in "security providers" in "security center" in Windows Server?

Download the freshly created xdr-distribution-file

User details in XDR

Resolved! Need help with XQL query to report deleted files

Resolved! Cortex XDR 8.1 release

Find Incidents/Alerts triggered based on 3rd Party Integrations

Device Permanent Exceptions - Is There A Limit?

Windows 11 security features

XQL query for all datasets

XQL chart editor

Solution: How To View Cortex XDR Behavioral Threat Protection (BTP) Rules

Re: Find Incidents/Alerts triggered based on 3rd Party Integrations

Re: XQL chart editor

Re: Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Cortex XDR 8.2+ Not Able to Uninstall - Not Showing In Programs (Windows)

Unlock your full community experience!

Rules and Best Practices

Resolved! Upgrade XDR Agent

Resolved! About XDR Cloud Compliance

Resolved! Disappearing XDR Endpoints for iOS and Android

Resolved! Cloud identity engine - Logs collection

Resolved! Cloud Identity engine - Application

Resolved! Need help with XQL query to report deleted files

Resolved! Cortex XDR 8.1 release