Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4361 Views
  • 0 replies
  • 3 Likes

Resolved! Filter by IP address range

Hello there, I've defined multiple IP address ranges in the assets module of the Cortex XDR console. Some ranges belong to the same factory. Ranges have a name like this: FactoryName - VlanName. We have multiple units. Some units contain multiple factories. I would like to create dynamic endpoint groups (for units) filtered on the IP addre...

Data Ingestion License Violation

After our Cortex XDR tenant was upgraded to 3.9 we started receiving the following error: "License Violation warning Based on a 7 day average calculation from February 24th 2024 to March 1st 2024, your daily ingestion quota is exceeded." Looking at the Data Ingestion Dashboard it appears our NGFW data ingestion is reporting to has significantl...

jruck by L2 Linker
  • 4162 Views
  • 6 replies
  • 0 Likes

Mobile iOS install with InTune

Hey everyone, Is there a way to bypass the onboarding wizard screens that you see when setting up the app and just configure it with Intune? If not, we'll have to manually walk through these settings on potentially thousands of devices.

CraigV123 by L3 Networker
  • 2743 Views
  • 4 replies
  • 1 Likes

Create a ".bat" file for installing XDR on Windows machines

Dear Team, The customer is trying to deploy the XDR agent on multiple Windows devices through the SCCM tool, but first, he wants to create a .bat file format of the agent to push installation through the centralized tool. Can anyone help me on how I can achieve this? Thanks in advance! **************** WR, Sayooj Dinan

Is Cortex XDR capable of DLP?

Hi, I have a doubt about Cortex XDR. That is, my entity was implemented in Cortex XDR, but I have to know if XDR has a capability with DLP. Can I use XDR for DLP? Regards, Salivan

salivan by L0 Member
  • 3346 Views
  • 1 replies
  • 0 Likes

XDR Capability

Hi All, Does XDR have the below capabilities: Network traffic analysis; Digital Forensic capability. I know it has DF with the Pro license, I just wanted to know more about it. Also, can we just click on it and enable it on the license page, or does it require any configuration changes from the infra perspective? Regards, Shahwaz

How to use XQL to search for cloud inventory assets?

Does anyone know which is the dataset for cloud inventory? I can't seem to find the dataset meant for cloud inventory, specifically for AWS. Does anyone know if this is even available for XQL searches? Also, I can't seem to have the asset widget for managed/unmanaged assets available for use. Thank you!

DLee35 by L0 Member
  • 933 Views
  • 1 replies
  • 0 Likes

Resolved! Vulnerability Assessment - How does it work?

Hello, I'm trying to figure out how the vulnerability assessment (VA) feature works since I've got so many false positives. I've checked the documentation but it's not clear enough for me. For Windows, does VA look for installed KBs? If the KB is not found, does it show the CVEs linked to this KB? What if the KB is included in another one? Or...

XQL to detect the ScreenConnect Client in response to CVE-2024-1709 and CVE-2024-1708

On February 19th ConnectWise released a security bulletin and update for their ScreenConnect software. https://www.connectwise.com/company/trust/security-bulletins/connectwise-screenconnect-23.9.8 On February 20th ConnectWise announced that exploitation had been seen in the wild. At least one proof of concept was available at 6:27 AM UTC Feb 21...

Issue with Cortex XDR Windows Portable Device Policy Not Working

Hi community, We have assigned the Windows Portable Device block policy to some endpoints. However, we have observed that USBs are still accessible on those machines. For future troubleshooting, we need to verify whether the policy is correctly assigned and whether the endpoints are properly connected. Could you please provide guidance on ho...

XQL newbie

Hello everyone. We recently upgraded to Pro and this XQL stuff looks like an entirely different language to me still. I need some help if possible in getting started. I'm looking to build two queries. 1) I need to go through our AD infrastructure (CIE up and running) and find which devices do not have Cortex XDR currently installed as well as ...

CraigV123 by L3 Networker
  • 1819 Views
  • 2 replies
  • 0 Likes

Unconventional GP upgrade through XDR action script - works, but could use optimization.

I have a script to silently upgrade GlobalProtect clients to 6.2.2 using an MSI, while avoiding disconnecting active users and reboots. It's simple and it works, but I'm looking to improve it by having the successful upgrade status or the reason for failure reported instead of just getting the success of the script. Also, if the agent doesn't upgrade, I'...

cyvrlpc.sys caused BSODs on Windows 10 after update

Hi all, some of the users reported a BSOD after updating their Win10 endpoints. I'm thinking this might be due to the incompatibility between the driver and the newest OS updates or something similar (looking into the stop code). Stop code: DRIVER_IRQL_NOT_LESS_OR_EQUAL. What failed: cyvrlpc.sys. The endpoints are on the latest Cortex XDR agent version...
