This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Resolved! Excluding hash for particular machine

Hello Team, - We have added one of the hash in the block list and it is quaratined. - In one of the test machine we need this file for testing purpose. - Is that possibke to exclude this hash from the particular machine?

Resolved! Legacy Exceptions removal

We're looking through the Legacy Exceptions and some are no longer needed. To do this, do we need to activate them and then remove these exceptions? Also could I please confirm that these exceptions already exist in the system and by clicking activate, we are migrating them so that they can be managed centrally? Thanks

JasonHoMFT_0-1693966729791.png

Resolved! Manually update content version?

Is there a way to manually update the content version? I downloaded the agent install plus latest content version and I can't figure out what to do with the content version files or find a way to push the latest content version. This particular machine is stuck on 188.xxxx even after an uninstall/reinstall. The agent is talking to the server and...

enewman by L1 Bithead
  • 10787 Views
  • 5 replies
  • 0 Likes

Resolved! XQL filter o365 attachments

Hi, I am trying to filter o365 attachments without success, could you help pls sample [ { "@odata.type": "#microsoft.graph.fileAttachment", "@odata.mediaContentType": "image/jpeg", "id": "AAMkADEzYjJhMzM1LTY0ODctNGUxOS05ZDc5LTQ2MWM3NzFmMTRjOABGAAAAAABaN8y0q3IrQ6fyDga7Z5M3BwBvSXHDOoi0TJ5-l2B-i9PgAAAAAAEMAADyHfSb-T8wR5Fak3aFlfa...

Cortex XDR with VDI persitent Desktop

Hello, We use the Vmware Horizon VDI solution in Instant Clone with FSLogix profiles and a dedicated machine based on a Golden Image (Automated, Instant Clone, Dedicated). A user therefore always connects to the same machine, which is updated from time to time from the Golden Image and the machine is never destroyed until user leaves the com...

Multiple detection on Suspicious Network Activity - 3045255237

Hello , We are a MSSP and since less than one hour, a new rules appeared in many of our Cortex XDR tenant : Suspicious Network Activity - 3045255237 involving the IP 2.58.113.190. The communication is launched by the process System, like if a rootkit has been woke up. Whereas the description says "Generic Webshell Command and Control Traffic D...

Help with t XQL BIOC/Correlation rule

Hi ALL,New to XDR world, I am have a XQL query against a 2FA log which looks for user login (fail or success) from 2 different countries in 3 hours. Query looks like dataset in (XXX_raw) | filter eventType = "User.Login" // look for login events| comp min(_time) as Firsttime, max(_time) as Lasttime, count_distinct(country) as location_count, ...

Resolved! ServiceNow CMDB integration and how to use it according to best practise

Hi,we have successfuly integrated ServiceNow CMDB into Cortex XDR and have fetched data to datasets servicenow_cmdb_*. We did not find in the Admin guide information how and if those ServiceNow CMDB data will be propagated into Asset information in the XDR console. Does anybody knows how to uilize those CMDB data for enriching information abo...

Batch file creation in MAC to Fore Reconnect Cortex Agent

Hi Everyone, I would like to force reconnect the workstation that is in old Cortex Tenant to the new Cortex Tenant we have. Is is possible to create a batch file for this so it can help us to work easily? is the .bat format applicable in MAC OS? Thank you in advance everyone! Hoping to hear from you all your thoughts/insights. Regards!

EJaspe by L1 Bithead
  • 1267 Views
  • 1 replies
  • 0 Likes

XQL Query to view the "Incident Name"

Hi People, I was wondering if anyone could assist me with XQL Query to display the Incident name. Please refer to the attached photo to get an idea of what I am trying to achieve. I have used the xdr_data dataset, however i cannot find the relevant field. Appreciate anyone's support. Please note you are posting a public message where communit...

  • 2583 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks