Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4323 Views
  • 0 replies
  • 3 Likes

Using XDR Asset Inventory and XQL to report on machines without Cortex installed

Hello All, I would like to use Asset Inventory to provide a list of each machine with OS Windows and without the Cortex agent installed. The goal is to use the result in a widget for the dashboard if possible. Even better would be an API to use it with our monitoring software PRTG. I am new to XQL and have not managed to create a query for the host...

USB Drives Are Blocked - Want to Enable for Certain Endpoints

Hello, We are very new to having XDR and our onboarding was not very well done. They ended up doing everything on their own and struggling with it all; having multiple people on the call to show our onboarder how to do things, etc... It was not very helpful for us. I am looking to either: 1. Edit the original policy for our Windows Endpoin...

Cortex XDR XQL Query

Hi Team, Could you please provide us with the XQL query to retrieve the reasons behind the "Agent Disconnected" and "Connection Lost" statuses from Cortex XDR? I have attempted to create a query, but I haven't obtained any results. Please assist me with this.

Resolved! Summarise XQL results by hostname

Is it possible to group/count/summarise results from an XQL query by hostname rather than seeing every entry for every event? For example: `dataset = xdr_data | filter event_type = FILE and actor_process_image_name contains "Something"` Is there some way I can just summarise or count the number of events per hostname rather than output every eve...
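The aggregation the question asks for is done in XQL with a `comp` stage after the `filter`. The query below is an added example written for this page, not the poster's query or the accepted solution; it assumes the `xdr_data` dataset with the `agent_hostname` and `actor_process_image_name` fields, compares `event_type` against the `ENUM.FILE` constant, and uses the placeholder string `"Something"` from the question:

```xql
// Constructed example: count matching FILE events per endpoint instead of
// listing every event. Replace "Something" with the process image name of interest.
dataset = xdr_data
| filter event_type = ENUM.FILE and actor_process_image_name contains "Something"
| comp count() as event_count, count_distinct(action_file_path) as distinct_files by agent_hostname
| sort desc event_count
| limit 100
```

`comp count() ... by agent_hostname` collapses the result to one row per host; the `count_distinct` column is optional and shows how many different file paths the process touched on each host, which is often more useful for triage than the raw event count. Drop the `limit` if you need the full host list for a dashboard widget.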

Cortex XDR Pro - 8.2.0.46438 - Agents Disconnected - service state "stopping" how to monitor that?

Hello dear community, today I ran into some issues with the version mentioned above. I know it got hotfixed, but when you cannot install an upgrade and cannot uninstall the agent, I get challenged 🙂 You need to uninstall it directly after restart, when the service works. The service gives up some minutes after restart. In my scenario the ...

RFeyertag by L4 Transporter
  • 4763 Views
  • 3 replies
  • 1 Likes

Cortex XDR VM Broker Cluster and External Load Balancer

Hi All, I have 3 Broker VMs deployed in my Google Cloud project and I want to create a cluster from them. I also want to put a load balancer in front of the cluster as mentioned in the documentation "For "active/active" applets that require load balancing, you must install a Load Balancer in your network to distribute the incoming data betwee...

fppsglbl by L1 Bithead
  • 2897 Views
  • 4 replies
  • 0 Likes

Querying BitLocker status on a certain endpoint

I am aware of "Disk Encryption Visibility", where we can see the encryption status of all volumes under any endpoint. But it appears we can't filter on this field (Volumes Status). Is there any way at all to programmatically answer a simple question like 'is volume X on endpoint Y encrypted?' or 'what endpoints don't have all volumes encrypted?' ...

tmeksik by L2 Linker
  • 1308 Views
  • 1 replies
  • 0 Likes

Exception and exclusion tips & trick / best practices

Hello, I'm looking for best practices or guides on how to add exceptions and exclusions in Cortex XDR. All I found was this LIVEcommunity video - https://www.youtube.com/watch?v=dlbxibEtxR8, but it was added before Disable Prevention Rules was available. I think this feature changes a lot regarding this topic. What do you recommend using and...

Resolved! Find file hash sha256 when i know the filename

Hello team, Hopefully someone can help me with my problem. I have a list of application names from Host Insights but I can't find the sha256 of the files anywhere. I need to investigate them to see if they are malicious or not. I used the following query but it doesn't return anything: "dataset = xdr_data |filter action_file_name = "fil...

Resolved! Vulnerability Assessment Applications / host insights addon

Hello dear community! From my perspective, this documentation brings more questions, than answers. There is written cortex does not collect CVEs for Applications. " Cortex XDR lists only CVEs relating to the operating system, and not CVEs relating to applications provided by other vendors. " Then its written " Cortex XDR ca...

Cyber1985 by L3 Networker
  • 11006 Views
  • 12 replies
  • 0 Likes