Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Hi,
I was looking for an answer in a scenario where only 1 broker VM is available.
What happens when the VM goes down. How does the end point connect to XDR console and how can we get the visibility when VM goes down for long period.
Hi by mistake i had delete the 2fa google authenticator account and now i am not able to login in xdr console without 2fa is there any way to disable the 2fa form other account.
Hello-
Does anyone know the following details to how the product manages the retention for logs and quarantine?
I understand you can set the log quota to a specific size. This will leverage that on local disk. What I am not clear on are the followin
Cortex XDR I can't get the login code from the Palo alto network that verifies by email (before it's working but during these two days I can't get those codes anymore).
We have installed the DSM/content pack(v1.10) in QRadar and configured QRadar as a syslog server in External Applications in the Cortex XDR dashboard. In the dashboard the status is valid, and in QRadar we see packets coming in. However it seems as i
...
Cortex-XDR agent rollback feature not available, its recommended for deployment in large network.
We know that Cortex has the ability to use AMSI but is any one able to achieve a BIOC rule which can trigger an alert for the content inside the script.
Lets say if a Powershell script which is being run has certain parameters in the body such as "re
...
Hi, Cortex XDR Local Analysis Malware module stops a process called "ClientConsole.exe" (I guess it's a false positive)
I've created a global exception for that issue and checked-in client but XDR still blocks this executable.
In client log I read th
...
We have the Prevent license and I am curious if anyone has been able to take their PA NGFW data and send it to the XDR console? I know this can be done with the Pro license for increased forensics and threat detection but I am not sure if I can do it
...
I was wondering if it was a possibility to rollback on a previous version of the content update just to test something?
Anybody knows if that's doable?
Does anyone have a working solution to export Cortex XDR alerts into Splunk?
We have tried to use Syslog but support was dropped by the PAN Splunk App Team for that in favor of the API which only pulls Incident data(no alerts) and a link back to the
...
Hi everyone, I was wondering how the content auto-update delay feature works when a CU borks a system.
Last week we experienced a sudden spike in cpu and ram usage, and the affected machines crawled and stuttered, impacting production. Support told u
...
Microsoft is running Follina signatures to Defender Vulnerability Management and Defender antivirus tools. I don't see anything in Cortex XDR about Follina or DogWalk.
Hello dear Community,
is Cortex XDR Pro able to fire a script on all or on some hosts with one klick?
I know and worked with the live terminal, but how can we perform scripts for multiple workstations/Servers/Notebooks?
BR
Rob
Hello
i am trying to create XQL filter to filter out all known connections, so it only returns me connections that should not happen.
So i create separate line for each of those knows connections, like:
filter (action_local_ip != "10.130.130.34" and act
...| User | Count |
|---|---|
| 9 | |
| 5 | |
| 3 | |
| 1 | |
| 1 |
