Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

CORTEX

Hello

We would need to know how this announced incompatibility affects our case and it is necessary to take some action. On the other hand, we do not quite understand what impact the following paragraph has on us: While only Windows 10 version 21H2 an

...

Cortex Xdr Partial protected (7.4)

Hi everyone , 

we have a problem with some of our linux servers ,
the status is partial Protected ,

  • the secure boot is disabled
  • the kernel supported
  • the policy is the same on all servers (also those with status 'protected')

the only thing that i find is th

...

chaim_Avisrur_0-1642512485745.png

Agent Blocking Command Prompt/Powershell

The agent has been blocking acess to the CMD , The licensing has been expired due to which the dashboard cannot be logined. I tired to uninstall agent using Cleaner but even the Agent Cleaner has been blocked. What sort of procedures i should follow

...

Resolved! Dynamic group "starts with"

Hi all,

I need to create a dynamic group based on the first letters of device name, like "starts with" or "not starts with".

I cannot use contains because, for example, I have server name that starts with QQ that should not be inside the group, but ser

...

N2Z2 by L2 Linker
  • 2441 Views
  • 3 replies
  • 0 Likes

Resolved! Report exporting questions

I have a custom timer filed called analysttimer, which recording the time analyst spend on an incident, once the incident this field will shows total time spend. I can see the total time is captured in the analysttimer.totalduration field. 

 

When crea

...

XDR endpoints not scanning

Is there a way to look at only the endpoints that have not been scanned in certain amount of time?
I know I can view all the have been scanned in the last day/week/month etc, but I want to look at the devices that have NOT been scanned. 
I need a "does

...

pdysart_0-1641414295405.png
pdysart by L1 Bithead
  • 2420 Views
  • 3 replies
  • 1 Likes

Resolved! Cortex XDR Agent rollout strategy

We will be rolling out to production soon and we need to have full AV protection while Cortex XDR is in monitor mode for up to 2 weeks. The previous Cylance AV agent must be uninstalled prior to the Cortex agent being installed so running in parallel

...

Log4j batch file execution

Hi All.

 

From the Palo alto advisory as per below, we have to run a batch file via our SCCM tool. But I need to understand what version of log4j we are using on our Cortex. How can we find out , Please help

 

To ensure you disable message lookup, follow

...

AsifSid by L2 Linker
  • 2318 Views
  • 3 replies
  • 1 Likes

XDR install not connecting

After getting a Tech Coordinator to remove the old Traps version, she rebooted, and downloaded and installed XDR version 7.5 that I had sent to her. However it shows it is disabled and will not connect to the server. Any advice?

 

pdysart_0-1640196661324.png
pdysart by L1 Bithead
  • 2048 Views
  • 2 replies
  • 0 Likes

Resolved! Cortex Xdr Cytool Linux Force Reconnect

hi ,

I'm trying to create a Python script that I can run from management
to change the Installation Package value,
something like this;

import os

os.system('/opt/traps/bin/cytool reconnect force ecXXXXXXXXXXXX5efdbe920')

I was already able to create one li

...

  • 1764 Posts
  • 79 Subscriptions
Top Liked Authors