Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Discussions

Sorted by:

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

Rules and Best Practices

Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion

...

Hunting for Keywords - How to do that in Cortex xdr Pro?

Hello dear community,

how could this keywords be integrated into cortex xdr pro?

https://mthcht.github.io/ThreatHunting-Keywords/

happy hunting!

Rob

Cortex XDR | Azure AD Single Sign On Unauthorized. Error 4011

Hello all,

I am trying to setup SSO on my XDR tenant but I am getting the following message when login in
Unauthorized. Error 4011

In the console, the status is 401 Unauthorized

I followed this video https://www.youtube.com/watch?v=nwF3hY3wgc0

...

Resolved! WMIC MDE exclusions

Hello dear community,

do we need to setup our own bioc, or will this come as a standard rule from PA?

https://twitter.com/malmoeb/status/1671453836605550592

Rob

Resolved! Server certificate for host is not allowed

hi,

I have this message on more windows server 2019(vmware environnement), after install cortex 7.1:

Server certificate for host is not allowed: error=19, message=self signed certificate in certificate chain

HTTP request failed due to an SSL error (0)

...

broker vm showing disconnected in xdr console

why brokervm showing disconnected in xdr console how to do get to know what had happen and how get in connected state.

Resolved! install cortex aarch64

Hello,

we wonder if we can install cortex aarch64 on a raspbian.

Does anyone try that?

Thanks

Resolved! Cortex XDR Pro on Linux Mint

I am having an issue with an installation of XDR on Linux Mint 20.

I found this post with no resolution and one of the comments from @MartinSauer suggests someone else was seeing the same issue.

LIVEcommunity - ERROR:14090086:SSL routines: SSL3_GET_

...

Resolved! What are the capabilities of Cortex XDR without endpoint agents which ingest Logs and data From third EDR like MDE ?

Hello,

I'd like to hear from people who have worked with Cortex XDR without the Cortex XDR agent.

The scenario is as follows:
The machines (workstations and servers) are protected by a third-party EDR solution (e.g. Micrsoft Defender for Endpoint)

...

How to block Otter.ai bot feature through cortex xdr

Hello All,

Otter.ai is the one of the bot feature that automatically join the meetings and there is the no any software for the windows that software available for the mobile only .

Is there any way to block it through cortex XDR.

Thanks in adv

...

Mystic Stealer

Looking for information about Mystic Stealer. Does cortex have any content updates for it yet?

Resolved! Some Cortex XDR events are not displayed in the endpoint client's events tab

Hi,

We recently onboarded Cortex XDR and some of the detections are not displayed in the Cortex client's Events tab. But I can see them in the Cortex XDR console.

As an example I can see Prevented (Blocked) malware in both cloud console and the en

...

How to allow software for specific user

We are going to block the software by hash or process if in the future user requests an exception for a specific endpoint and how to create an exception for one particular endpoint and allow the software