This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating:

 

Rules and Best Practices

 

  1. Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussion
...

JayGolf by Community Team Member
  • 1392 Views
  • 0 replies
  • 3 Likes

Cortex XDR Device Control Violation Query

Hi Team,

How can I check device control violations using an XQL query? I have tried the query preset = device_controlbut I am only seeing details for USB device violations. I am expecting to see Bluetooth violations as well. Is this possible? If yes,

...

Questions about IOC/BIOC Suppression rules

We are doing a (somewhat rushed) Cortex XDR implementation, and I am new to EDR things (in general). 

 

I created an IOC/BIOC Supp rule today for an issue with running the Guardian Browser (I'll let you know if it works), and while there I see 52 Sys

...

How to remove Old versions of Cortex Agent

Hello everyone,

 

We're facing issues upgrading older versions of the Cortex agent on Windows endpoints — particularly versions 7.x and in some cases 8.x. These agents fail to upgrade both automatically and manually.

Requesting a cleaner for each min

...

Port scan alert

Hi everyone,

 

There is some situation in our case.

 

For example there is 2 windows host. Host1 and Host2. Host1 have XDR. But Host2 not. If Host2 executes port scan action (it doesn't matter which tool is using -- nmap, zenmap and etc) to Host1 in

...

Cortex XDR login issue

Hi everyone,

 

I can't sign in to Cortex XDR Console for about 10 minutes. I receiving "Unauthorized - 4010402" for 3 different users. Is it general problem or only for my tenant? I have also another tenant and it works normally. Could you help me?

...

123.png

Resolved! Can't find references from training video

In the "Cortex XDR Basic XQL Crash Course" found here LIVEcommunity - Cortex XDR How-to Videos - LIVEcommunity, they reference two reference documents. I have searched everywhere I can think to search but I find nothing. Does anyone know where I can

...

XDR version 3.x vs 4.x

Hello Experts,

I noticed there's two versions of XDR 3.x and 4.x, Mine is running 3.x. noticed that's quite lot of changes (in UI) for 4.x.
1) will my XDR  be upgraded to 4.x eventually?

2) when?

3) what is the purpse of running both version?

4) is 4.

...

Resolved! BTD - PROCEXP152.SYS - Vulnerable Driver Loaded

Cortex blocked driver PROCEXP152.SYS from being loaded (rule: sync.vulnerable_driver_by_original_name_loaded_procexp)
The thing it that this is a signed microsoft driver and it's kind of a known situation for many other vendors.

Links: Process Explorer

...

Panagiss by L1 Bithead
  • 13040 Views
  • 3 replies
  • 0 Likes

error when try to install cortex on redhat 10

Hello,

 

I try to install Redhat 10. i downloaded last version of packages.

When i try to install on rehdta, i have this error :

 

 

./cortex-8.8.0.133595.sh
Verifying archive integrity... All good.
Uncompressing Cortex XDR 8.8.0.133595 installer 100%
[!

...

action_process_image_command_line Filter Issue

Hi, I'm trying to build a query that would check for reg.exe launches. This is well and good, but the moment I add a filter action_process_image_command_line = "reg save" nothing appears, even though it was part of the initial result for reg.exe. Whe

...

unfiltered.jpg
filtered.jpg
a2123k1 by L1 Bithead
  • 481 Views
  • 2 replies
  • 0 Likes
  • 2422 Posts
  • 88 Subscriptions
Top Solution Authors
View All
Top Liked Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2025 - Palo Alto Networks