This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4356 Views
  • 0 replies
  • 3 Likes

Resolved! Cortex XDR 7.4.1 crashing server

After the installation of xdr 7.4.1, our domain controllers began crashing, and even after a reboot they would lock up. Has anyone had any issues with the 7.4.1 release on Windows Server 2012 R2? Based on a Windows Dump, Microsoft reported the following:findings- We have checked high Contention Count threads where we were able to see Palo Alto ...

Content update confusion

My content question is, if something still on 7.9. and its no longer supported/ getting content updates, does that mean the virus definitions on the unit with 7.9 is not getting updates or is it more application updates?

Resolved! Event Logs That Are being Gathered With Cortex XDR - Windows

Hi Everyone, I was doing some research on Event IDs that are being gathered by Cortex XDR and I came to the conclusion that the Event ID needs to be enabled on the Windows first so XDR is being able to gather them. XDR probably does not overrule the local audit log settings on the server for example. Am I correct or am I missing something?Than...

mkuhelj by L0 Member
  • 7247 Views
  • 1 replies
  • 0 Likes

Cortex XDR External Alert Mapping rules

Hi community, is there anybody who knows how External Alert mapping rules work in a case there is more than one of them? Do you create an alert for every rule that was hit or is there some kind of precedence? There is no mention in documentation. Thank you, Jan

Resolved! ShroudedSnooper targets security components of Palo Alto Networks Cortex XDR

Hi All. There is a malware that is targeting the components of Cortex XDR, I checked the security advisories page from Palo Alto but did not find anything related to it. Can someone help me find out if there's anything from PA regarding the same and how it has impacted and how we can be safe from it. Hackers backdoor telecom providers with n...

Resolved! Events That Cortex XDR is Logging

Hi everyone,Does anyone have a list or any reference to a document where I can see which logs Cortex XDR is gathering from a Windows endpoint? For example, to clearly know, that XDR is gathering all file event types, process creations, gathering event IDs (based on which one are enabled), etc.Thank you.

mkuhelj by L0 Member
  • 1512 Views
  • 1 replies
  • 0 Likes

Cortex XDR exclusions in McAfee/Trellix

Hi We are currently deploying Cortex XDR as a managed service. However we have on-prem McAfee/Trellix which we are to keep. I've put in McAfee exclusion for "c$\Program Files\Palo Alto Networks". So anything in "Palo Alto Networks" and any subfolders do not get scanned by McAfee. Are there any other exclusions that need to be put in place? R...

Resolved! XDR Resource IPs for Connectivity to XDR Server

Dear experts, From the following resource table, two json tables for GCP are provided (one for Google subnet and another for Google IP range associated with my region) Question: For the connectivity, do we need to allow all GCP IP range (in the json file) or just those IP ranges associated with my region chosen (my Tenants)? Is there an eas...

SeanDeHarris_0-1695019619119.png

Resolved! Agent v.7.9 Removed???

Hello experts, From the matrix, v7.9 supposed to be the last version to support Win7, just found out 7.9 has been removed from the Agent installation while creating an installer. Do we need to "downgrade"/use much older v5.0 instead??? Thanks, SDH #installation #windows Cortex XDR

SeanDeHarris_0-1694489642033.png
SeanDeHarris_1-1694489727014.png

Resolved! Hashes of the attachment from the o365 log

Dear community, I've been evaluating the benefits of ingesting o365 logs so far. Seeking those who have the mentioned logs ingested into Cortex XDR - does Cortex XDR review and raise alert using the hashes of the attachment if the attachment is a malware?Besides, what are the useful data / alert that you think it helped your organization in term...

File scanning.

Hey All, question for you. What process does an XDR agent follow when a user opens a simple .pdf or .docx file? I am trying to find something basic to explain this to one of our Executive Managers who is concerned that the agent is causing common apps like Adobe Reader and Word to open slowly. Appreciate any info you can offer. Thank you, Joe

  • 2599 Posts
  • 98 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks