Live Terminal Session Information

Hi,

I was playing around with the live terminal with the permission of accessing a colleagues computer. I connected fine and created a file using the terminal on their Desktop. But I'm not sure how to trace this action. In the Action Center, all I ca

Cortex XDR agent auto upgrade

Hello All,

Is there any recommended configurations for auto upgrade agent? Do we need to disable the agent tampering when applying these changes.

Also is there anyone having observations regarding failed system while upgrade do they revert back t

Cortex XDR Smartscore Incident Scoring standards

Hi everyone,

Smartscore feature in cortex xdr enables an automatic scoring of the incidents using ML driven techniques. So, is there any specific standards in scores like below that specific score the risk of that incident can be considered as high

Thoughts / Experience So Far - Cortex XDR Agent Auto-upgrade

Hello Palo Alto Community,

Our organization is relatively new when it comes to Cortex XDR, though, so far, the product is doing well for us.

Since Cortex XDR has a 9-month period before it becomes EOL, we're looking at the "auto upgrade" feature to ea

XQL - 4740 event log - Account Lock out different languages - merging

Hello dear community!

is there a way to merge the german and english variants in XQL? The action_evtlog_message is sometimes german and more often english. But how do I get the results from both in one 

//Account Locked https://github.com/busteri

AV Scan

Hello,

What is the recommended AV scan period by XDR?

Status of Disabled Cortex XDR Agent

Hello,

We are planning to create a dashboard and report to check if the Cortex agent is disabled on endpoints and servers.

We attempted to create but were unsure which template to use. Could you please assist us with this?

Processes to be fed into XDR as legitimate activities without whitelisting

Hello, 

I understand that XDR has its own analytics or process to generate alerts. Is there way to feed in a process to the analytics so it knows its a legitimate activity without making any exception or whitelist etc. 

E.g. A host is observing mul

Isolate endpoints automatically

Hi Guys,

Just wondering if there is somewhere in xdr to tell it to isolate an endpoint automatically if we get a critical alert or confirmed malware/ransomware alert.

I thought there was something in the profiles but cant seem to find it or is th

Cortex XDR Pro Malwarescan with partial success in Action center

Hello dear community, 

is there any explanation why the malware scan ends up with partial success? Is there any log where we can find the answer?

https://live.paloaltonetworks.com/t5/general-topics/scan-completes-with-partial-success/m-p/509603#M

Endpoints without IP and MAC address

Hi,

There are multiple endpoints without IP and MAC address, what could be the possible reason for it?

Thanks

Host Inventory - installed kbs - no entry

Hello dear community, 

I found some endpoints do not show any kbs entries. One of them is brand new, OK, so there must be an host_inventory run when the agent is running. 

But what is with the other ones which are still running? 

Ok, the other o