Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Resolved! XDR Log and Quarantine Disk Space Retention

Hello-

 

Does anyone know the following details to how the product manages the retention for logs and quarantine?

I understand you can set the log quota to a specific size.  This will leverage that on local disk.  What I am not clear on are the followin

...

Cortex XDR XQL Query


Hi, 
I wanna sort my query as operational_status in (UNPROTECTED, PARTIALLY_PROTECTED) everyday (Like from Monday to Sunday Statistics) 
My query looks like this 
config case_sensitive = false
| dataset = endpoints
| filter operational_status in (UNPROT

...

Resolved! LSASS creating a cache1.bin on appdata

We have an alert on 2 different device that LSASS is creating a cache1.bin on app data.

All are created by NT\SYSTEM

 

Location detected

C:\Users<my username>\AppData\Local\Microsoft\Windows\SFAP\cache1.bin

C:\Windows\ServiceProfiles\UIFlowService\Ap

...

Winget Command

Hello dear Community,

 

I have the following problem: I can’t use the Win-Get command on the XDR terminal in Cortex. Can someone help me to make this command executable on the PowerShell XDR terminal.

 

 

FRafuna_0-1723637086115.png
F.Rafuna by L0 Member
  • 729 Views
  • 3 replies
  • 1 Likes

Cloud Identity Engine

Hi Community,

 

We have integrated the Cloud Identity Engine into the environment. Currently, the Palo Alto Hub page shows the Cloud Identity certificate expiring in a month.

 

We checked the Palo Alto article https://docs.paloaltonetworks.com/cloud-

...

Resolved! json_extract_array do not return result

I've got json like below and trying to extract each key_name via json_extract_array but getting empty column vendor

query is

dataset = host_inventory

| fields application as aps

| alter vendor = json_extract_array(to_json_string(aps),"$.key_name")

 

...

XDR Agent 8.5.0.2457 on macos 14.5

Hi community,

 

After my laptop upgrade to the last version of xdr agent i get the following:

 

Randomly the system looks as if it's loading and after a few seconds it's back to normal. the machine doesn't crash but the mouse keeps showing the hourgl

...

LEYA-DSI by L1 Bithead
  • 705 Views
  • 4 replies
  • 0 Likes

Resolved! Cortex XDR Cloud Compliance

Hi Community,

 

We have enabled the Cortex XDR agent Cloud Compliance on certain Linux machines. The configuration was successfully completed, and the Cloud Compliance tab is visible. We are interested in retrieving the Cloud Compliance data using an

...

  • 2014 Posts
  • 81 Subscriptions
Top Liked Authors