This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

BIOC - suggestion for improvement

Hey ho!

I've a suggestion for improvement:

BIOC - Browser downloads an .hta or .application file --> You could insert also brave browser.

 

iexplore.exe|chrome.exe|firefox.exe|opera.exe|microsoftedge.exe|microsoftedgecp.exe|safari.exe

 

Thanks

 

BR

 

Rob

 

 

Cyber1985 by L3 Networker
  • 1215 Views
  • 1 replies
  • 0 Likes

Resolved! Process Hunting - Powershell + WGET typing manualy

Hello dear community, 

 

is there a way to hunt for a manually started powershell.exe where a attacker started wget. 

 

In this case I opened cmd and typed this CMD in. Cortex XDR recognized it. 

 

 

But when I manualy open powershell and type in manualy wg

...

Cyber1985_0-1654549745309.png
Cyber1985 by L3 Networker
  • 2260 Views
  • 4 replies
  • 0 Likes

Resolved! Cortex XDR 3.2 Tenant and License questions

Few questions . Thanks in advance

 

1) We have Cortex Prevent 3.2 , so if we move to Pro from Prevent , do we have to use a different agent ? We are using agent version 7.6.1 . Any other thing we need to worry about or make note about in this context ?

...

Balaraju by L2 Linker
  • 2320 Views
  • 3 replies
  • 0 Likes

Resolved! Duo admin/auth logs in Cortex XDR

Hello!

 

Has anyone started ingesting Duo admin or authentication logs into Cortex XDR?

Duo provides a log sync utility but it doesn't support an API key like the HTTP Custom Collector would require and it doesn't write logs to disk (design decision) so

...

mgreer by L0 Member
  • 1923 Views
  • 2 replies
  • 0 Likes

Resolved! Mail - Incident handling

Hello dear Community!

 

I hope I am not the only one with this problems in the incident area:

 

1. When you get a incident message on your mobile phone, I get really angry because scrolling in the frame of the text-message is really stressful. Scrolling

...

Cyber1985 by L3 Networker
  • 1836 Views
  • 2 replies
  • 0 Likes

Resolved! Correlation rules create incident

Hey dear sec community!

 

is there a way to setup an correlation rule, which can block and not only detect?

I couldn't find a way. I tried the XQL queries from the libary. 

 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investi

...

Cyber1985 by L3 Networker
  • 3112 Views
  • 6 replies
  • 0 Likes

Confluence Server and Data Center - CVE-2022-26134

Wondering where Cortex is at with this Critical vuln from Atlassian? We are actively moving forward with mitigations, but would like Cortex to be able to take action as well if needed. 

 

Confluence Security Advisory 2022-06-02 | Confluence Data Center

...

ckopta by L0 Member
  • 1815 Views
  • 3 replies
  • 1 Likes

Cortex Linux Agent Debian Package messed up

Hi,

Starting with Version 7.7 the downloadable Package is still named *.deb, in fact it is a tar.gz containing the following:

-config file

-readme

-deb-file

Which means, you cannot just install the so-called "deb package", but you have to create a directo

...

Cortex does not block Windows binaries

To mitigate cve-2022-30190 i wanted to add the file hashes of the msdt.exe binary to the blocklist; but with no effect until now.
The hashes occure in the logfile of the agent below hashcontrol as enabled, but verdict has a value "0".
Is it possible, t

...

A large number of port scans

Hi guys! 

 

Recently, we often encounter incidents associated with a large number of port scans in Cortex XDR. We assume that this started after the last update. Does anyone else have something similar?

 

Thank you!

Latif by L0 Member
  • 1272 Views
  • 1 replies
  • 0 Likes
  • 1784 Posts
  • 78 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks