Routing traffic towards Broker VM

Hi All,

We have a Broker VM set up in our environment, and we only want the agents to communicate with the tenants through the Broker. However, we are seeing few endpoints talking to the Tenant directly over the internet.
Although "proxy" is specifi

Firewall connect as partially to Cortex Data Lake an no logs

Facing an issue with connection to Cortex Data Lake,

Firewalls are connected to CDL, but are unable to see the logs when the device is on the hub,

looks firewall is sending the logs but can't see them on the explorer page,

In addition, on the HUB, we

issue connection to Cortex Data Lake

Facing issue connection to Cortex Data Lake,

Firewalls are connected to CDL, but are unable to see the logs when the device is on the hub,

looks firewall is sending the logs but can't see them on the explorer page,

In addition, on the HUB, we see the

Blocking of IOC in cortex XDR

How can IOCs be blocked on XDR so we don't observe alerts or incidents related to it at all? 

When putting the hash of the IOC in the block list through the action centre it still triggers incidents and alerts.

Is there any other way other than using

Live Terminal Session Information

Hi,

I was playing around with the live terminal with the permission of accessing a colleagues computer. I connected fine and created a file using the terminal on their Desktop. But I'm not sure how to trace this action. In the Action Center, all I ca

Cortex XDR agent auto upgrade

Hello All,

Is there any recommended configurations for auto upgrade agent? Do we need to disable the agent tampering when applying these changes.

Also is there anyone having observations regarding failed system while upgrade do they revert back t

Cortex XDR Smartscore Incident Scoring standards

Hi everyone,

Smartscore feature in cortex xdr enables an automatic scoring of the incidents using ML driven techniques. So, is there any specific standards in scores like below that specific score the risk of that incident can be considered as high

Thoughts / Experience So Far - Cortex XDR Agent Auto-upgrade

Hello Palo Alto Community,

Our organization is relatively new when it comes to Cortex XDR, though, so far, the product is doing well for us.

Since Cortex XDR has a 9-month period before it becomes EOL, we're looking at the "auto upgrade" feature to ea

XQL - 4740 event log - Account Lock out different languages - merging

Hello dear community!

is there a way to merge the german and english variants in XQL? The action_evtlog_message is sometimes german and more often english. But how do I get the results from both in one 

//Account Locked https://github.com/busteri

AV Scan

Hello,

What is the recommended AV scan period by XDR?

Status of Disabled Cortex XDR Agent

Hello,

We are planning to create a dashboard and report to check if the Cortex agent is disabled on endpoints and servers.

We attempted to create but were unsure which template to use. Could you please assist us with this?

Processes to be fed into XDR as legitimate activities without whitelisting

Hello, 

I understand that XDR has its own analytics or process to generate alerts. Is there way to feed in a process to the analytics so it knows its a legitimate activity without making any exception or whitelist etc. 

E.g. A host is observing mul