Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Is anyone using the "new API method" R7 references?
https://docs.rapid7.com/insightidr/palo-alto-cortex-data-lake/#New-API-Collection-Method-now-available-as-of-January-2023
Hello,
Is Linux AIX , Solaris and Power Linux compatible with Cortex XDR.
I would like to set a detect rule for the servers which installed the agent in the last 30days. After 30 days, Those servers will be applied for block rule.
The current setting is to select the server in the target and remove it from the target aft
...
Hi, is Cortex XDR supported on ESXI, Red Hat, and CentOS.
Pls, provide the documentation related to it.
We were using Symantec to block user's to connect Wifi. But using Cortex how can i block the wifi.
Can someone advice me on this.
Thanks
Hi community,
I have questions about setting up file and folder collector.I do not understand what the inclusion of logs of this collector gives us.How can I view all files of any formats that are in the folder?What is the vendor and product responsi
...
Hi Community,
Hope fellows can provide some insights. I have received a suspected DGA alert from my MSSP and upon validating with XDR, it shows Network Services is making such queries. As the domain is my internal domain with gibberish sub-domain,
...
Is there a limit to pull data from XDR through API?
I understand that query through API has limit but what if we are pulling endpoint information/alerts/incidents through it?
Hello,
In alerts, we are observing the endpoint tags and groups are being represented as numerical values. Why is this happening?
Good morning. The provided image is a screencap which appears when I select a single Result in an Incident. Notice that I used the mouse to select the entirety of the path which appears in the browser, while the hover shows that there's much more p
...
Hi,
I'd like to know how I can export/view information about Windows endpoints that do not apply with specific KB by specific ENDPOINT GROUPS. I can only filter by CVES or ENDPOINTS from the Vulnerability Assessment but not with KBs.
My second ques
...
There are few workstations and servers that are still running on 7.5 and we cannot upgrade them to the latest version as the package is unavailable and saying removed by Palo Alto Networks.
Can anyone please suggest how we can upgrade those systems
Assume alert has been generated in the XDR, if the IP involved in the artifacts are raised as malicious or suspicious by some of the security vendors in the VT(virus total) or shown as malware by wildfire. Is that really the IP is suspicious? Please
...
Hello dear Community,
Does the source IP restriction in the security App settings affect the API communication?
BR
Rob
Is it possible to check if a file is present on any system in network through Cortex XDR based on file name or the hash value of the file.
| Subject | Likes |
|---|---|
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like | |
| 1 Like |
