Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 1258 Views
  • 0 replies
  • 3 Likes

User Message on IOC trigger

Hi,

 

We have enabled user notifications in agent profile settings, when an event like malware detection occurs it is displayed to the user immediately. However, it does not show a notification for an IOC. Can we make a message appear for an IOC even

...

Toutrial: Detecting Tor Traffic in XSIAM

Hi Everyone, 

 

Some members in the community have recently been exploring ways to detect Tor traffic within their environments. I’ve spent some time working on a solution to this challenge, and I wanted to turn that work into a dedicated post so mor

...

A.Elzedy by L2 Linker
  • 536 Views
  • 2 replies
  • 0 Likes

Repeated False Incidents with Unknown Verdicts

Hi everyone,

I’m currently facing an issue with Cortex XDR where I regularly receive incidents flagged as suspicious,

 

This particular one shows:

  • WF (WildFire) Verdict: Unknown

  • VT (VirusTotal): 0/64 detections

Every week, I keep seeing similar in

...

Resolved! Correlation Rules that detect tor browser

Hello,

We have decided to create a correlation rule in Cortex XDR to detect employees using the Tor Browser. However, based on our observations, it is possible to access the Tor Browser through a redirect from the Brave application, which is currentl

...

Cortex XDR API requests

Hi everyone,

 

There is an problem im facing with. The problem is -- Some of API requests are not shown in "Management Audit Logs". There is another API's which ones can be shown in "Management Audit Logs". Is there other option for this case? To col

...

OrkhanM by L1 Bithead
  • 399 Views
  • 1 replies
  • 0 Likes

Wildfire API for scanning before upload

Hi,

 

I want to scan files before they get processed or uploaded to a linux server, if the file is malicious it is blocked from being uploaded, if clean then it gets uploaded and processed.

Cortex XDR Prevent has on-write feature for windows only. I

...

jannette by L0 Member
  • 424 Views
  • 1 replies
  • 0 Likes

Cortex XDR Device Control Violation Query

Hi Team,

How can I check device control violations using an XQL query? I have tried the query preset = device_controlbut I am only seeing details for USB device violations. I am expecting to see Bluetooth violations as well. Is this possible? If yes,

...

Questions about IOC/BIOC Suppression rules

We are doing a (somewhat rushed) Cortex XDR implementation, and I am new to EDR things (in general). 

 

I created an IOC/BIOC Supp rule today for an issue with running the Guardian Browser (I'll let you know if it works), and while there I see 52 Sys

...

  • 2406 Posts
  • 89 Subscriptions
Top Solution Authors
Top Liked Authors