Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Cortex XDR - File Exceptions

Hello,

 

Could you please help us to understand few queries related to exceptions:

 

1. How do we create global exceptions for the file paths.
2. Adding exceptions for the files in endpoint scanning module of the profile will only exclude these files

...

Global Exceptions

Hello,

 

We need to add a global exceptions on the paths. Currently we have added file paths in endpoint scanning allow list. So can you confirm if we exclude in this scan does it applicable for other profile like Portable Executable and DLL Examinat

...

Cortex XDR Blockage activity

If anything needed executable are blocked by the XDR previous we used to add that ***.exe in malware profile. But now we faced that issue that client has connected the clickshare(PC Screen Share) Equipment as it's an external equipment connected to U

...

Resolved! XQL to get characters from Host Name

Hello All:

 

Our host_names are formatted the same across our fleet.  I'd like to pull out the 5-8 characters in the hostname.  We've tried using trim, ltrim and rtrim, and even with them nested.  Any suggestions?

 

In this example WX260920162Q2R

we

...

Resolved! Cortex XDR Content Update Testing

Does Palo Alto perform any testing on minor content updates for Cortex before publishing them?

 

I'm looking for any documentation that outlines this testing (if any) to support a compliance requirement.

Resolved! Too much Forensic Data

Hello dear community, 

 

how do we delete the collected forensic data? Is there a option to do this? I was testing around with the forensics addon and collected from some agents, but now I want to get rid off.

 

Example Screenshot

 

 

Thanks

 

BR

 

...

RFeyertag_0-1677284837716.png
RFeyertag by L4 Transporter
  • 2327 Views
  • 5 replies
  • 0 Likes

Resolved! Firewall logs to Cortex Data Lake log buffering

Hello,

 

For firewalls managed with Panorama there's a setting in Panorama "Buffered Log Forwarding from Device" which tells the firewall to buffer it's log in the case of loss of connectivity with Panorama.

 

Does anyone know if there is an equivale

...

  • 2078 Posts
  • 82 Subscriptions
Top Solution Authors
Top Liked Authors