Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

[Network location] - too long to check location

Hi community,

 

Does somebody is using Cortex XDR - Network Localtion (from agent settings profile).

 

My problem is that the network location is too long, specifically when users comme back to our office from their own internet connection, internal

...

Cortex XDR not detecting malicious files

Hi ,
Why Cortex XDR is not detecting malicious files which are present in system.
for testing purpose I have downloaded a test malware also but it is not reflected after the malware scan.Can anyone please give clarity on this.
Does Cortex detects malici

...

Block logs to Data Lake from specific endpoint

Hello,

 

I have a case where logs are delivered to Data Lake from endpoint were we're unable to uninstall Cortex XDR agent. We also can't connect to this endpoint to take manual actions to stop receiving logs from it.

Is there any way to block/preven

...

tntrust by L1 Bithead
  • 1685 Views
  • 4 replies
  • 0 Likes

Endpoint Operational Status

Currently, our devices are unprotected state and partially protected state due to disk consumption. 

Is the data in the cortex xdr incrementive or does it delete itself after sometime ? 

What is the possible solution for this issue ?

 

How do we diff

...

Resolved! Cortex XDR PoC Lab ft. CVE-2021-3560

 

 

PoC Lab ft. CVE-2021-3560

By: @mfakhouri

 

Table Of Contents

Executive Summary

What was CVE-2021-3560?

What Does Privilege Escalation Entail?

How is Polkit Supposed to Work? 

Cortex XDR at Play 

Overview of Lab Setup Script 

Adversary Motion

...

CortexLogo.PNG
twolinefix.PNG
linuxbasicpermissions.PNG
examplepolkitauth.PNG
mfakhouri by L3 Networker
  • 4938 Views
  • 4 replies
  • 7 Likes

Resolved! Cortex uninstall/removing issues - reminisces and files related to the Cortex XDR are left on the hard drive and cannot be removed from the endpoint.

Dear Live Community Members,

 

My customer is facing issues when trying to remove Cortex XDR.

In short, uninstalling the software is not removing all the config, and it gets all the old settings back, like the broker and other stuff.

We even used th

...

Resolved! An endpoint with the Cortex XDR installation intermittently creates a huge file and writes to the hard drive at C:\Windows\System32\PaloNull

Dear Live Community Members,

 

One of my customers noticed that some endpoints with the Cortex XDR installation sometimes creates a huge file that grows in size with time.

On several VMs equipped with the Cortex Agent (version 7.7.1, but we also noti

...

PalNull.png
PaloNull_1.PNG

Partially Protected - Operational Status Data

Hi!

 

I have a machine with Operational Status Data as:

 

Xdr Data Collection Not Running Or Not Sent

Module is disabled by Adaptive Policy

 

Btp Not Working

Module is disabled by Adaptive Policy

 

How can I remediate this machine so that its status

...

ndrmndz by L0 Member
  • 3908 Views
  • 3 replies
  • 0 Likes
  • 1842 Posts
  • 78 Subscriptions
This widget could not be displayed.
Top Liked Authors