This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4396 Views
  • 0 replies
  • 3 Likes

Resolved! Cortex XDR flagged malicious macros

Hi team Cortex XDR keeps generates hundreds of alerts due to suspicious macro detected in my network. Severity : HighAlert Source : XDR AgentAction : Detected (Post Detected) Category : MalwareExtensions : .xls .tmp .xlt .xar Seems Cortex deletes all kind of files that has macros , but in reality those are not malicious. "alerts_table": {"aler...

chawki by L0 Member
  • 5480 Views
  • 5 replies
  • 4 Likes

Resolved! XQL Query - Machine Custom Reports

Hello, good afternoon. I currently have a few machines and xDR installed on them. I need to make a weekly report with the information of the machines and the scan previously configured. Currently, what I have configured using XQL Query: -> Checks if the scan was performed well or not. //########### Linux - Ubuntu 20.04LTS dataset = endpo...

Can we run the XDR on separate port apart from 443?

Hello All, For 1 server we are facing the compatibility issue as the port 443 is required to upload some data for business purpose and that port is also required for the communication of Cortex agent with cortex server. Can we use some other port for the communication? Thanks in Advance, Regards, Sakshi Seth

Windows Explorer - Internal Error: Memory Application Failure

hello, i have an issue with a specific device on-site that is showing the following error.   the user on the device accesses a large number of files on USB drives, fluctuating hundreds of GB per day. she will receive the following error before explorer crashes and must forcibly reboot. the device has 64GB of memory, 500GB m.2 boot drive, a 2...

cortex xdr.png
cortex xdr 2.png

Resolved! XDR Console Access

Hello, Sometimes, I cannot access to the XDR console. It is just loading but nothing showing, just a white page. I have internet access. It happens sometimes and after about 15 minutes, the problem disappears. What can be the reason for that?

Resolved! Cortex XDR

Hi Community , i Had Came Across Some of the Questions Regarding Cortex Xdr , Hope you'll help me with Narrow Down The Rabbit Hole 1. Why the Cortex scanning the files on the Endpoints that has the benign Verdicts in the Scanning Phase . 2. There are Few Factors on that we can Decide that File is Malicious or Benign i. Based On the E...

Yayati by L0 Member
  • 3296 Views
  • 1 replies
  • 0 Likes

Resolved! Automatic updates from Cortex XDR in Intune

Hi Everone! Hope you can help me 🙂 I have acustomer use both Cortex XDR on their endpoints for monitoring, and Intune for app deployment etc. When receiving a new PC, it is configured through Intune. However, currently, the customer has to manually access Cortex, download the latest version, and then add it to Intune. They find this process t...

Resolved! Dataset name change

Hello, I have linux logs which comes as:[INGEST:vendor="unknown", product="unknown", target_dataset="unknown_unknown_raw", no_hit = drop] It is collected under the dataset name called "unknown_unknown_raw". But I want to change its dataset name to something else. How can I do that?

Resolved! Export/Import filters

Hi, In the Host Inventory/Applications I can filter programs then save the filter and open it when needed. However it would be very helpful if I could export this filter, modify it in editor and import again. Is any way to do this? I'm just trying to exclude decent number of application from my view and adding them manually to the filer in dashb...

Deploy Cortex Agent via Intune

Has anyone managed to successfully deployed the Windows Cortex agent via Intune? I have an app configured and deployed, but it's not working as expected. Likely because of the App protection policy in Cortex. I have version checking in the App turned off as I want Cortex to do the updates, all I want is the initial client install on Autopilot ...

CORTEX XDR - Endpoint delete

Good morning dears, I want your opinion, I have devices disconnected for a long time (3 months) so I am planning to delete from the console and recover the licenses. My question is whether the device will have problems uninstalling when it is reconnected at some point. I will be attentive to your comments. KIND REGARDS​

  • 2611 Posts
  • 98 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks