Hey guys, I am curious about if there is a way to find out which Endpoints in certain environment do not yet have XDR Agent installed.I still two options, but had no practical experience in testing it: 1. Directory Sync with Cortex XDR. Would it dete...
Hello! On all our endpoints we are using XDR with firewall(Uses built in Windows firewall) and Palo Alto GlobalProtect VPN connecting to PanOS devices at our office. We use split tunneling for the VPN, that means that only specified traffic goes thro...
Hi there, When we are trying to target a policy using AD group some of the listed endpoints is not a member of selected group.To get more clarity we selected a group which only contains users and even then the result listing some random endpoints.Is ...
Hi All, I know it is a stupid question but I am encountering this situation that we need to install Cortex XDR working with Carbon Black (it's a long story). May I know if anyone experienced this before or any suggestions on exclusion? Thank you so m...
Hello Live community, I have a question about the report on Cortex, i want to know if the “Infected Endpoints” comes as default in Cortex reports or if we need to configure something to show that option?Do the widgets "incidents by source" or "Top in...
Can Cortex XDR prevent the use of other USB devices other than Disk Drives, CD-Rom Drives, and Floppy Disk Drives? If one of my users plugs in a printer, can that be denied? Can the same be done with SD cards?
Hello, Configuring host firewall via XDR and I cannot seem to get the Windows environment variables running.Basically, there's an implicit deny for inbound/outbound connections, so there are applications that require some internal/localhost connectio...
Hello LivecommunityI believe there are Palo Alto representatives that do some level of monitoring and participation in this Forum, would they or someone know where you provide feedback to enhance notifications such as the one listed above, that descr...
Hi everyone! How much space do the cortex xdr agent records use? I understand that in the agent profile configurations you can set the quota for log storage, by decreasing the quota the logs are automatically purged ??, for the last one on my machine...
Hi Does Traps Cortex XDR, has prevention for SolarWinds Orion Backdoor Supply Chain Attack (Sunburst/ Solorigate)?
How do I set up MFA for admin access to the Cortex XDR console?
Hello all, Beginning on or around 14/15 December, I began to notice we were commonly generating the following Alerts in Cortex:Alert name: Threat ID #8002Description: Scan DetectionAlert Source: PAN NGFWCategory: Scan Detected via Zone Protection Pro...
When adding IOC's to XDR, adding a comment is a useful way to keep track of where the IOC originated from. When an alert is triggered from that IOC, the analyst can review the IOC rule and read the comment for context. When 'bulk' uploading, using a ...
Hello everyone,Just curious who uses the Directory Sync tool out there? If you use it would you mind sharing a quick like/dislike about it? I really want to incorporate it into our environment but not entirely sold on it... yet. Any feedback about it...
The Cortex XDR version upgrade on my computer is not progressing from "In progress".When grouping and upgrading some agent has stuck on "In Progress" situation, we cannot even cancel and stop it.Even rebooting the computer and then upgrading again do...
on:
Auto Scan For External Devices
on:
Auto update XDR agent when new station connects.
