This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
Accept
Reject
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

XDR_DATA logs ingestion to splunk

I am thinking of a way to bring in xdr_data dataset logs which we see in xdr query builder to splunk.

As of now i am ingesting the alert and incident data from cortex xdr into splunk.

Can anyone suggest, how i can achieve this?

 

Cortex XDR Query Builder

Hello Community,

Was wondering whether someone could assit me with an issue.

So at the moment i cannot make any search via the "Query Builder".

When i move to query center and create a custom query i can only return results when i search "dataset = pan_

...

willh1_0-1659109209207.png
willh1 by L0 Member
  • 733 Views
  • 1 replies
  • 0 Likes

Resolved! Event_Sub_Type Failed to run

When running this XQL query if I add event_sub_type to the filter it fails to run

I can run the query without any filters, and then add the event_sub_type column without issues

 

dataset = xdr_data
| filter event_type = ENUM.FILE and (event_sub_type =

...

NathanBradley_0-1659458727567.png

Upgrade agents locally

Hello,

 

Is there any option available to upgrade agent from local agent console? (Eg: If local IT team can upgrade agent from endpoint directly)

 

Thanks

 

NivedaR by L2 Linker
  • 1020 Views
  • 5 replies
  • 0 Likes
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Copyright 2007 - 2023 - Palo Alto Networks