This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Resolved! Event Logs That Are being Gathered With Cortex XDR - Windows

Hi Everyone, I was doing some research on Event IDs that are being gathered by Cortex XDR and I came to the conclusion that the Event ID needs to be enabled on the Windows first so XDR is being able to gather them. XDR probably does not overrule the local audit log settings on the server for example. Am I correct or am I missing something?Than...

mkuhelj by L0 Member
  • 7140 Views
  • 1 replies
  • 0 Likes

Cortex XDR External Alert Mapping rules

Hi community, is there anybody who knows how External Alert mapping rules work in a case there is more than one of them? Do you create an alert for every rule that was hit or is there some kind of precedence? There is no mention in documentation. Thank you, Jan

Resolved! ShroudedSnooper targets security components of Palo Alto Networks Cortex XDR

Hi All. There is a malware that is targeting the components of Cortex XDR, I checked the security advisories page from Palo Alto but did not find anything related to it. Can someone help me find out if there's anything from PA regarding the same and how it has impacted and how we can be safe from it. Hackers backdoor telecom providers with n...

Resolved! Events That Cortex XDR is Logging

Hi everyone,Does anyone have a list or any reference to a document where I can see which logs Cortex XDR is gathering from a Windows endpoint? For example, to clearly know, that XDR is gathering all file event types, process creations, gathering event IDs (based on which one are enabled), etc.Thank you.

mkuhelj by L0 Member
  • 1480 Views
  • 1 replies
  • 0 Likes

Cortex XDR exclusions in McAfee/Trellix

Hi We are currently deploying Cortex XDR as a managed service. However we have on-prem McAfee/Trellix which we are to keep. I've put in McAfee exclusion for "c$\Program Files\Palo Alto Networks". So anything in "Palo Alto Networks" and any subfolders do not get scanned by McAfee. Are there any other exclusions that need to be put in place? R...

Resolved! XDR Resource IPs for Connectivity to XDR Server

Dear experts, From the following resource table, two json tables for GCP are provided (one for Google subnet and another for Google IP range associated with my region) Question: For the connectivity, do we need to allow all GCP IP range (in the json file) or just those IP ranges associated with my region chosen (my Tenants)? Is there an eas...

SeanDeHarris_0-1695019619119.png

Resolved! Agent v.7.9 Removed???

Hello experts, From the matrix, v7.9 supposed to be the last version to support Win7, just found out 7.9 has been removed from the Agent installation while creating an installer. Do we need to "downgrade"/use much older v5.0 instead??? Thanks, SDH #installation #windows Cortex XDR

SeanDeHarris_0-1694489642033.png
SeanDeHarris_1-1694489727014.png

Resolved! Hashes of the attachment from the o365 log

Dear community, I've been evaluating the benefits of ingesting o365 logs so far. Seeking those who have the mentioned logs ingested into Cortex XDR - does Cortex XDR review and raise alert using the hashes of the attachment if the attachment is a malware?Besides, what are the useful data / alert that you think it helped your organization in term...

File scanning.

Hey All, question for you. What process does an XDR agent follow when a user opens a simple .pdf or .docx file? I am trying to find something basic to explain this to one of our Executive Managers who is concerned that the agent is causing common apps like Adobe Reader and Word to open slowly. Appreciate any info you can offer. Thank you, Joe

Resolved! Requesting Clarity on XDR XQL API Logging (timeframe related)

Hello Team, We are using XQL to query data from cortex API for windows event logs. Our query run every 5 minutes and we have used parameter timeframe in the query. This parameter is provided in the API documentation. However, when we pull the logs, there is discrepancy in number of logs we pull and number of logs observed in Cortex XDR search....

Resolved! Upgrade agent fails

Hi team I am trying to update an agent but it shows me "the installer has timed out" on the logs, I checked upgrades logs and I see the next message "Distribution ID is missing from installation package" I thought that it could be an issue related to agent installer but they exists on the console. Has anyone had a similar problem? Thank you!

MarcoMJ by L1 Bithead
  • 10015 Views
  • 5 replies
  • 0 Likes
  • 2582 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks