Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Hi All,
Can anyone answer a few questions about Cortex XDR Broker VM?
If the Broker VM is being used as a proxy, do the hosts connecting to the Broker VM need to be on the same subnet as the Broker VM or can they communicate with the Broker VM via th
...
hello,
i'm facing this issue when i try to configure the ip addresse of the proxy so i can send logs throught brokerVM:
C:\Program Files\Palo Alto Networks\Traps>cytool proxy set "X.X.X.X:YY"
Enter supervisor password:
RpcClient: SendRequest: Error 13
...
Hello. I'm looking for a 10,000 foot overview explanation that people may have used in the past or anything written up by Palo Alto? We have a lot of people who are used to the way legacy AV systems work and relied heavily on setting recommended excl
...
hello,
i'm facing an issue will adding proxy setting using a command cytool i recieve this error "cytool is not recognized as an internal or external command, operable program or batch file."
any help please.
BR.
I am looking for any input on how other customers are handling situations where:
1. The agent is installed on a host and says it is checking in, but it does not appear in the Cortex XDR Console
2. The agent is corrupt and has stopped reporting back (d
...
Hi all, I am i need of assistance - how should I go about investigating an incident created by the "Failed Connections" alert?
I run malware scans on the host that raised the alarm, but what can I do beyond that?
I should also mention that whenever su
...
Hi,
I am receiving lots of duplicate incidents on my Cortex XDR console. Can anyone please help on how to suppress or stop the duplicate incidents to trigger again and again?
Regards
Hello,
i'm facing an issue after deleting brokerVm from the console management, i'm not able to add it again, any help for this issue??
BR.
Hi Expert,
Please help me to create custom BIOC rules for the testing.
My company want to create rules bioc informational if We create/delete spesific file in spesific folder, and the information will appears in incidents.
Is it possible?
If is it poss
...
Hi,
I want to know if I delete the connection lost system, will it delete the XDR agent installed on that system as well? Or the agent will still remain there?
Regards
Hello everyone,
Do excuse me for my rather lack of experience. I was wondering if there was any way for me to connect a VM broker that acts as a proxy for it to allow an offline endpoint to be connected to the internet?
I appreciate any advice given
...
When an IT admin uninstalls Cortex XDR from an endpoint does it remove that endpoint from the XDR Console?
When they use the Agent Cleaner to remove XDR from an endpoint does it remove that endpoint from the XDR Console?
We are running into duplicate e
Hi all,
I have a question about the analytics engine - how long does it take for it to establish a baseline?
I had it enabled yesterday and it started to give out alerts during the night, in the span of several hours.
seems like a rather short time to
...| User | Count |
|---|---|
| 8 | |
| 4 | |
| 3 | |
| 2 | |
| 2 |
| Subject | Likes |
|---|---|
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes |
