Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 910 Views
  • 0 replies
  • 2 Likes

AD Enumeration Powershell

Hi everyone,

I need your help to understand whether it's possible to see which commands users are running in PowerShell—for example, Active Directory enumeration.

I know that Cortex blocks malicious scripts like dumpcreds and BloodHound, but my quest

...

tlmarques by L4 Transporter
  • 406 Views
  • 3 replies
  • 0 Likes

Resolved! Rare Admin Login in Environment

Hi guys, could anyone help me with the query I'm trying to do. 

I'm looking to build an alert based on the rarity of a login in the environment. For instance, raise an alert if "admin" logged in to a device, but that action hasn't been seen in the dev

...

a2123k1 by L1 Bithead
  • 584 Views
  • 2 replies
  • 0 Likes

Detect when a service is stopped in Windows

One of the rules I am trying to create is to know when a particular service is stopped in Windows. Couple of things I have tried. 

1. Event IDs: Typically Event ID 7036/7040 is generated when a service is stopped. But I cannot get a single result wit

...

Resolved! BIOC not supported

Good afternoon,

 

I'm trying to create a BIOC rule that tells me when users are trying to access the wetransfer.com and dropbox.com DNS. To do this, I generated the following XQL. When run, it shows me the logs of the connections to these DNS.

 

data

...

XQL removes endpoint CVEs and ALL information

I want to remove all information related to the endpoint "ABC". However, with the following xql query, it only removes cves that are exclusively associated with this endpoint. If a cves is associated with multiple endpoints, the affected_products, af

...

Malware Scans


Hello community.
Do you know what the “scanning complete” column in the malware scan results refers to? I see that in the values it shows 3 folders, does that mean that it only scans those 3 folders? I attach evidence

R.Tuyub by L1 Bithead
  • 395 Views
  • 2 replies
  • 0 Likes

Cortex XDR on Citrix non-persistent multi-user server

Hi community

Quite often we have issues with cortex xdr on citrix infrastructure. Currently meinly with windows server 2022 we are in the situation where it is not possible to run cortex at all because of possibel servercrashes which are not yet anal

...

Remo by L7 Applicator
  • 1819 Views
  • 6 replies
  • 0 Likes
  • 2322 Posts
  • 87 Subscriptions
Top Solution Authors
Top Liked Authors