Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and enabling seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Resolved! Unable to install XDR agent in Windows Server 2019 and 2022

Hi, I have an issue installing Cortex XDR 8.2.0.45438 on both 2019 and 2022 Server, with error logs below: ExecServiceStartCA: Service: cyserver ExecServiceStartCA: Error 0x800705b4: Service failed transition to 4 state (current state 1) ExecServiceStartCA: Error 0x800705b4: Failed, retrying (attempt no. 1)... ExecServiceStartCA: Error 0x8...

Resolved! Evasion Technique - 3348100960

“Behavior of hiding RWX code by modifying it to RX” I've been seeing this alert that is considered high criticality and is blocking Windows updates. Everything I can see says that this is benign. XDR is saying that the Windows process is a non-whitelist CGO. I've verified that this is the legitimate Microsoft WerFault.exe. There is no desc...

CJNTS by L2 Linker
  • 2740 Views
  • 1 replies
  • 0 Likes

Deploying Cortex XDR Agent for macOS with VMware Workspace ONE (AirWatch)

In order to deploy the Cortex XDR Agent to macOS you have to have both the Config.xml and Cortex XDR.pkg files bundled in the same deployment file. Workspace ONE does not support the uploading/deployment of a .zip file so you have to use a workaround. Cortex XDR Agent Application: 1. You will first need to pull the Cortex XDR Uninstaller out of ...

BWilga by L0 Member
  • 7640 Views
  • 5 replies
  • 3 Likes

Cortex XDR trial version for testing purposes.

We are trying to integrate the Cortex XDR incident logs to Splunk using the API pull method. We customised the Splunk TA taking reference from the Splunk TA for Palo Alto NW. So is there a trial version of Cortex XDR available in order to test the integration using the API, or are there any other ways to test the custom-made Splunk TA?

RK21VTH by L0 Member
  • 2242 Views
  • 1 replies
  • 0 Likes

Script for Agent Upgrades

Does anyone know of a way to build/apply a script in XDR that would perform agent upgrades at scheduled times? Example: upgrade to latest agent version on 10 endpoints starting at 8PM on Saturday.

Disk Decryption on macOS

Hi everyone, I'm seeking help on how to decrypt the drive on macOS after encrypting the drive using the Cortex XDR Tenant/Console. I tried to check and use this documentation guide by Palo Alto Networks, but I think it is not working, or am I missing something? https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Admin...

EJaspe by L1 Bithead
  • 1885 Views
  • 3 replies
  • 0 Likes

XDR and XSOAR mirroring fails

Hi, I have XDR integrated with XSOAR for bidirectional incident mirroring... The strange thing is that when I close incidents in XSOAR as false positives, they appear as 'Resolved other' in XDR via the API... If I close incidents as false positives in XDR through an automation rule, they remain open in XSOAR... Does anyone know what this migh...

tlmarques by L4 Transporter
  • 1747 Views
  • 2 replies
  • 0 Likes

Resolved! exclusions vdi non-persistent

Hello, does anyone know if there is any document that tells us which folders and subfolders we should exclude from XDR when using Citrix and VMware Horizon with non-persistent VDI? In Palo Alto's documentation, I don't see anything specific except for the app layers. However, both Citrix and VMware request the exclusion of many folders from th...

tlmarques by L4 Transporter
  • 3772 Views
  • 3 replies
  • 0 Likes

Resolved! How to use two datasets in a query

Hi, I hope you can shed some light. I am attempting to run a query to find out what system is running what applications, including the username. I have this query which gives me what I need except the "user", which is a field in another dataset, xdr_data. How can I add this new dataset to get the "user" field? Thank you. config case_sensitive = fal...

Application Severity Score

Hi, I noticed a "Severity Score" in Applications under Host Inventory but there doesn't seem to be any scoring happening. Is this a part of a license we may not have, or does this not function the way I would imagine? I assumed maybe CVEs for applications would be listed here.


AWS tags in the Cloud info field?

We have hundreds of AWS assets with lots of information in Cloud Info, but none have anything in the tags field. Has anyone else seen (not seen) this? Just to clarify, I am not talking about Cortex XDR tags. Thanks

PC-TomS by L3 Networker
  • 1577 Views
  • 3 replies
  • 0 Likes