Resolved! A question from a Customer Success Office Hours session: Alert Exclusions
How do I filter out excluded=Yes Alerts. I'm getting emails about alerts that are already excluded?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by letting them view all the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and enabling a seamless response.
Recently I have noticed that there is another folder which has been created under the PA Cortex folder, as below:
"C:\Program Files\Palo Alto Networks\Cortex XDR Health Helper"
Inside the folder there is a PE which is xdrhealth.exe. What is the purpose of t
...
Hi,
I need to get the correlation between URLs that are being accessed and found through URL filtering in the PA FW and the XDR agent that shows me which machines are accessing this URL.
In Cortex XDR I can see the log from the PA Firewall; the source IP is our
...
Alerts (incidents) are getting generated from machines which are not showing in the endpoints (not reporting to console) list. What would the issue or backend path
Hi to everyone.
We have the anti-ransomware feature set in "aggressive mode".
The aggressive mode files cause the backup software on PCs to fail, and thousands of "There was a general error processing this file. Please retry it and if the problem pers
...
Hello,
Can we please get the command to install the 7.8 agent on top of the existing agent for Linux servers.
If the client needs to uninstall Cortex XDR it asks for the password, so we need to change that password. What is the path, and will there be any impact on the systems which already have the agent installed?
Hi All,
The customer is trying to uninstall the old agent version, as those agents are not reporting to the console, and install the latest version.
There are 1000+ machines in the infrastructure and they are planning to do this via a centralized tool.
Please su
...
Whenever we use the arrayindexof() function with the host_inventory dataset we get an error (Failed to run), whereas when we run it with the xdr_data dataset we get a success response message.
Please run the below XQL query: (Status == Success)
config case_
...
As different Cortex XDR policy profiles can be pushed to different users, it is sometimes required to find out which XDR policy profile is currently used by a particular endpoint.
If the endpoint has local administrator privilege, we could just sea
...
Hello!
As a beginner with Cortex XDR I asked myself what the interests of others are in the query section.
If you have some interesting and useful queries, please share them and describe them briefly.
Thank you!
BR
Rob
We used to be able to access endpoint files and now the zip is asking for a password. Is this the 'admin password' set up under agent settings?
Hello dear community,
I want to check the boot time of server OSes because of Windows updates. When they get installed and the system is not rebooted, it will get into an unstable state.
This is a small script, which is reading the fqdn, hostnam
...
Hi, we see a problem with a PowerShell script we are using to clean up profiles on some specific Remote Session Host servers.
It is blocked by Cortex XDR Pro, so I want to make an exception for it.
Unfortunately it seems only possible to do a
...
Occasionally, I see an alert with the description of "LDAP: User Login Brute Force Attempt". If I'm reading the tea leaves correctly, we're relatively confident that we're observing a failed logon for someone performing maintenance on a specific dev
...