Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 760 Views
  • 0 replies
  • 2 Likes

Resolved! Exclusion process cortex?!

Hi,

How can I create an exclusion in Cortex XDR to stop it from scanning a specific executable??

We have a critical software in our company, and we've noticed that Cortex is constantly analyzing it, causing the machine high CPU and MEM.

How can we excl

...

tlmarques by L4 Transporter
  • 1834 Views
  • 2 replies
  • 0 Likes

Custom Parsing Rule - Cohesity

 

This was a fun project. Looks like it is mostly working correctly. Cohesity syslogs come in as a big blob in one field so I messed with some parsing rules to give them their own datasets

 

The only known issue I'm seeing so far is the logs get dupl

...

Role-based privileges

Dear Team,

As per the client requirement, kindly suggest the role-based privileges that can be assigned to L1 and L2 users accordingly.

Where L1 is a lower-level engineer and L2 is above L1.

Powershell problem

Hi forum,

I have a problem with PowerShell, specifically with the file located at C:\Program Files\Winget-AutoUpdate\winget-upgrade.ps1.

When I restart the computer, a Cortex alert appears regarding winget-upgrade.ps1.

I created a disable preventi

...

Resolved! Endpoints with Public IP

Hi All, looking for some help here on creating an XQL query to search for any endpoints that are assigned public IP addresses. I searched and didn't see anything in the Live Community that already speaks to this. 

I appreciate any support you can prov

...

Cortex XDR AWS Marketplace

Hey,
I've recently purchased Cortex XDR via the AWS Marketplace - I haven't gotten an email or indication that my Cortex XDR instance has been created or what its status is.

Would love some help with this!
Thanks,
Itai

itay by L0 Member
  • 347 Views
  • 2 replies
  • 0 Likes

Resolved! Dump alert data Analysis

Does anyone know how we can and how we should analyze a dump file when we do a retrieve alert data on Cortex XDR?

I have alerts related to memory dumps, normally the initiator is Excel, and 99% I think the cause is an Excel crash or the file has macros/VBA ins

...

tlmarques by L4 Transporter
  • 503 Views
  • 1 replies
  • 0 Likes

Unauthorized - 4010402

Hi Community,

Has anyone encountered the "Unauthorized - 4010402" error when trying to log into their tenant account? I attempted to log in, but I received this message. Does anyone know what could be causing this issue or how to resolve it?



Thanks i

...

Y.Zalsov by L1 Bithead
  • 525 Views
  • 3 replies
  • 1 Likes

Resolved! Cleanup endpoint and CVE List

Hi,
I need your help to understand if there is an option on Cortex XDR to periodically clean up the endpoint list (for lost connections) and remove any vulnerabilities associated with those endpoints.

tlmarques by L4 Transporter
  • 429 Views
  • 1 replies
  • 0 Likes

Resolved! XDR agent quota exceeded

We were monitoring the XDR Agent Audit logs and found out a lot of agents have this alert Quota Exceeded: "XDR agent quota exceeded on ******."

Can anyone explain this? 

Cortex XDR Connection method

Hi, While monitoring network traffic during our deployment, we noticed that all traffic between the endpoint and the XDR portal (<xdr-tenant>.xdr.<region>.paloaltonetworks.com) is one-directional (outbound).

 

We have private Linux servers in a separ

...

  • 2284 Posts
  • 86 Subscriptions