This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 1478 Views
  • 0 replies
  • 3 Likes

Resolved! Excluding hash for particular machine

Hello Team,

 

- We have added one of the hash in the block list and it is quaratined.

- In one of the test machine we need this file for testing purpose.

- Is that possibke to exclude this hash from the particular machine?

 

Resolved! Legacy Exceptions removal

We're looking through the Legacy Exceptions and some are no longer needed.  To do this, do we need to activate them and then remove these exceptions? 

Also could I please confirm that these exceptions already exist in the system and by clicking acti

...

JasonHoMFT_0-1693966729791.png

Resolved! Manually update content version?

Is there a way to manually update the content version? I downloaded the agent install plus latest content version and I can't figure out what to do with the content version files or find a way to push the latest content version. This particular machi

...

enewman by L1 Bithead
  • 9457 Views
  • 5 replies
  • 0 Likes

Resolved! Cortex XSIAM + XDR

Hello dear community, 

 

who of you is using XSIAM? How is it?

Will XDR + XSIAM ever get together in one product? 

 

BR 

 

Rob

RFeyertag by L4 Transporter
  • 2830 Views
  • 3 replies
  • 0 Likes

Resolved! XQL filter o365 attachments

Hi,
 
I am trying to filter o365 attachments without success, could you help pls
 
sample
[ { "@odata.type": "#microsoft.graph.fileAttachment", "@odata.mediaContentType": "image/jpeg", "id": "AAMkADEzYjJhMzM1LTY0ODctNGUxOS05ZDc5LTQ2MW
...

Cortex XDR with VDI persitent Desktop

Hello,

 

We use the Vmware Horizon VDI solution in Instant Clone with FSLogix profiles and a dedicated machine based on a Golden Image (Automated, Instant Clone, Dedicated).

 

A user therefore always connects to the same machine, which is updated fro

...

Help with t XQL BIOC/Correlation rule

Hi ALL,

New to XDR world,  

I am have a XQL query against a 2FA log which looks for user login (fail or success) from 2 different countries in 3 hours. 

Query looks like  

dataset in (XXX_raw)
| filter eventType = "User.Login" // look for  login events
|

...

  • 2441 Posts
  • 88 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks