Cortex XDR
Can I disable Cortex XDR on any one of the endpoints (workstation or server) temporarily from the XDR Console?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing seamless response.
Hello,
Is it possible to know the following:
1. Whether BIOC rules generate alerts/incidents in case there is a match for custom prevention rules.
2. Any method for bulk hash blocking using the Action Center.
3. If we are hosting
...
Is there a way we can identify cluster and namespace details for k8s and not just nodes and containers?
I'm trying to block a domain across our environment. I don't want to use URL filtering on the PA FW, but I want to use an XDR IOC to block it. Is it possible to do it?
Hello dear community,
As you know, on weekends and on holidays the priority of alerts rises.
Is there a way to trigger XQL rules which only fire on weekends and on self-selected holidays?
Like on weekends, anybody who opens PowerShell trigg
...
We intend to perform scheduled scanning on all endpoints. So we wondered if active scanning was required on all endpoints repeatedly, or if Cortex performed its own scan whenever a new file was created or added to the system.
Are there any talks about Cortex XDR support for Windows 11 ARM?
Hello,
I have used the below query to get the number of the operating system.
dataset = endpoints
| filter endpoint_status = CONNECTED
| alter operating_system = to_json_string(operating_system)
| alter operating_system1 = regextract(operating_system ,
If we keep Agent Status (Configure the Cortex XDR Agent license revocation and deletion period) connection lost as 30 days and Agent Deletion days as 180 days, will the entry be deleted from the console, and will it delete logs also for the deleted entries be
...
Does anyone know a way to search DNS requests from an endpoint? Seems like it should be possible with an XQL query, but I can't find the right fields.
I have whitelisted the Cohesity agent but it keeps triggering
PowerShell script executing with iex from suspicious script source - Behavioral threat detected (rule: dotnet_iex_suspicious_source)
Sep 30th 2022 16:04:40 SYSTEM powershell.exe 25384 29488 Proc
Is there any way that I can search a bulk of endpoints in Cortex XDR in one go, or any other way to search the endpoints, as entering them one by one in the console and searching is very hectic.
Hi all,
Is it possible to use a Broker VM just for Network Mapper without using it as a real Broker VM?
I don't need to modify the way my Cortex installation works, I just want to scan my network for missing Cortex installations.
Thanks
Hi,
We are using the delete endpoint option on all endpoints by right-clicking.
But they keep on appearing back on XDR; any reason why?