Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4332 Views
  • 0 replies
  • 3 Likes

ingested data retention - 30 days

Hi guys, I've purchased the PAN-XDR-PRO-GB SKU and I've noticed we get 30 days of ingested data retention and 180 days of incident or alert retention. Can we keep ingested data for more than 30 days? and/or incident/alert retention for more than 180 days? Are there any SKUs for that? Thanks Cortex XDR

NormSil by L0 Member
  • 2234 Views
  • 1 reply
  • 0 Likes

Resolved! Large Upload(Generic) Microsoft Teams alerts

Hi Team, We are receiving more alerts 'Large Upload (Generic)' generated by XDR Analytics from Microsoft Teams (ms-teams.exe) and I checked the IPs - Microsoft Corporation (ISP) and Domain - microsoft.com. I need an answer to the following questions: 1. How the alerts are getting triggered 2. How to Reduce it /mitigation 3. How to investigate ...

Vijisaga by L1 Bithead
  • 3888 Views
  • 6 replies
  • 1 Like

Using XDR Asset Inventory and XQL to report on machines without Cortex installed

Hello All I would like to use Asset Inventory to provide a list of each machine with os Windows and without Cortex agent installed. The goal is to use the result in a widget for the dashboard if possible. Even better would be an api to use it with our monitoring software PRTG. I am new to XQL and have not managed to create a query for the host...

USB Drives Are Blocked - Want to Enable for Certain Endpoints

Hello, We are very new to having XDR and our onboarding was not very well done. They ended up doing everything on their own and struggling with it all; having multiple people on the call to show our onboarder how to do things, etc... It was not very helpful for us. I am looking to either: 1. Edit the original policy for our Windows Endpoin...

Cortex XDR XQL Query

Hi Team, Could you please provide us with the XQL query to retrieve the reasons behind the "Agent Disconnected" and "Connection Lost" statuses from Cortex XDR? I have attempted to create a query, but I haven't obtained any results. Please assist me with this.

Resolved! Summarise XQL results by hostname

Is it possible to group/count/summarise results from an XQL query by hostname rather than seeing every entry for every event? For example: dataset = xdr_data | filter event_type = FILE and actor_process_image_name contains "Something" Is there some way I can just summarise or count the number of events per hostname rather than output every eve...
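An added example, not taken from the post above or from any reply to it, showing the usual XQL pattern for this: keep the poster's filter and add a comp stage that aggregates per agent_hostname instead of emitting one row per event. The event_type comparison uses the ENUM.FILE form, and "Something" is the placeholder process name carried over from the question; the per-host first_seen/last_seen columns are extra output this example adds beyond the original question.

```xql
// Added example (not the original poster's query). Counts matching FILE
// events per endpoint rather than listing every event.
dataset = xdr_data
| filter event_type = ENUM.FILE and actor_process_image_name contains "Something"
// comp aggregates the filtered rows: one row per agent_hostname
| comp count() as event_count, min(_time) as first_seen, max(_time) as last_seen by agent_hostname
| sort desc event_count
```

If you also want to see which processes produced the events without expanding back to one row per event, add the process name to the grouping (for example by agent_hostname, actor_process_image_name); every extra field in the by clause multiplies the number of result rows, so group only on what you need in the widget or report.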

Cortex XDR Pro - 8.2.0.46438 - Agents Disconnected - service state "stopping" how to monitor that?

Hello dear community, today I ran into some issues with the version mentioned above. I know it got hotfixed, but when you cannot install an upgrade and cannot uninstall the agent, I get challenged 🙂 You need to uninstall it directly after restart, when the service works. The service gives up some minutes after restart. In my scenario the ...

RFeyertag by L4 Transporter
  • 4770 Views
  • 3 replies
  • 1 Like

Cortex XDR VM Broker Cluster and External Load Balancer

Hi All, I have 3 Broker VMs deployed in my Google Cloud project and I want to create a cluster from them. I also want to put a load balancer in front of the cluster as mentioned in the documentation "For "active/active" applets that require load balancing, you must install a Load Balancer in your network to distribute the incoming data betwee...

fppsglbl by L1 Bithead
  • 2908 Views
  • 4 replies
  • 0 Likes

Querying BitLocker status on a certain endpoint

I am aware of "Disk Encryption Visibility" where we can see the encryption status of all volumes under any endpoint. But it appears we can't filter on this field (Volumes Status). Is there any way at all to programmatically answer a simple question like 'is volume X on endpoint Y encrypted?' or 'what endpoints don't have all volumes encrypted?' ...

tmeksik by L2 Linker
  • 1310 Views
  • 1 reply
  • 0 Likes

Exception and exclusion tips & trick / best practices

Hello, I'm looking for best practices or guides on how to add exceptions and exclusions in Cortex XDR. All I found was this LIVEcommunity video - https://www.youtube.com/watch?v=dlbxibEtxR8, but it was added before Disable Prevention Rules was available. I think this feature changes a lot regarding this topic. What do you recommend using and...
