Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions


Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4319 Views
  • 0 replies
  • 3 Likes

Resolved! Need help with XQL query to report deleted files

Dear Sir, Please, if anyone can help, advise the XQL query to create a custom report to capture the "File Delete" activities on one particular server? I know we can create the same from Query Builder, but from Query Builder it will only return 10,000 records. In addition, we are not able to email the result as an attachment (or if I am wrong with this...

Resolved! Cortex XDR 8.1 release

Hi, I can see that Agent version 8.1 was released on 25 of June (https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Agent-Releases/Cortex-XDR-Agent-Releases) but I can't see it available on my portal. Could you tell me what I have missed, please?

Resolved! Cortex XDR Pro - Server installations - still running Windows Defender (not Firewall)

Hello dear community, what is your experience with running MsMpEng.exe on Windows Server OS while using Cortex XDR? In my case the Windows clients don't run MsMpEng.exe while Cortex XDR is running, but the servers do. What is the difference here and what should I do to solve this "problem"? Is it a problem? Is this by design? BR Rob

RFeyertag by L4 Transporter
  • 12182 Views
  • 6 replies
  • 1 Likes

Resolved! Cortex XDR iOS Agent

Does anyone have any information on creating an App Configuration Policy in Intune to push the Distribution ID and Username to the iOS XDR Agent on an iPhone/iPad?

Resolved! Agent Version - 8.1

Hi All, Has the agent version 8.1 been released? As per the documentation it was released on June 25th, but I am unable to see it on the console. Thanks

Alert for internet down on site x (disconnected state)

Hello dear community, we have a couple of sites which sometimes do not have an internet connection because the provider has issues. Is there a way to get an alert when a bundle of agents is not reachable at the same time (disconnected)? I can alert when one or another is disconnected, but what do I need to change if I want to alert whe...

RFeyertag by L4 Transporter
  • 1349 Views
  • 1 replies
  • 0 Likes

Resolved! Cortex XDR Agent restricts mobile phones from transferring data to PC through USB

Hi everyone! Customer needs: when all mobile phones are connected to a PC through USB, only data from the phone is allowed to be transferred to the PC, and data from the PC is not allowed to be transferred to the phone, which means the phone is in read-only mode. By viewing information in Device Control Violations, I now know that all phones...

yuyangab by L1 Bithead
  • 2627 Views
  • 1 replies
  • 0 Likes

Resolved! Cortex XDR

We have configured checkpoint firewall CEF log forwarding to Cortex XDR. Please provide a sample field for CEF-formatted logs.

Resolved! When Broker VM cannot connect to Paloalto Cloud Console, how to enable its Local Agent Settings service

Hello, everyone. Does anyone know how to use the SSH command to execute commands on the Broker VM, so that the Broker VM can start the Local Agent Settings service even when it cannot connect to the Paloalto Cloud Console? Because we have customers who implement physical isolation in the military, the BrokerVM Local Agent Settings service will st...

kentwuhc by L1 Bithead
  • 3161 Views
  • 3 replies
  • 0 Likes

CORTEX XDR - Best practices

Hi everyone! I'm a beginner on CORTEX XDR and need some help with 2 things! - First, my client wants to know if it's possible to schedule a Malware Scan based on the CPU use. I mean, they have around 500 computers which are used in so many different teams, with various work hours. They need to schedule the scan when the computer is alive, but when...

MxC604 by L0 Member
  • 4202 Views
  • 1 replies
  • 0 Likes

Resolved! XQL datasets

Is there a comprehensive document containing all the datasets that are currently available? We've noticed that datasets such as "incidents_artifacts" or "incidents" are not displayed in the autofill text in XQL. We would greatly appreciate having a complete list of all the datasets that are accessible.

Creating an Exception Rule for a PT Automation System

I have recently encountered a unique use case; we are working with a PT Automation System in which PT attacks are simulated on endpoints within the organization. This is causing quite a ruckus on the XDR tenant, as expected, in terms of alerts. Is there a concrete solution to create an exception rule for actions performed by this host? We have e...

Allow based on certificate issuer?

We are currently having an issue with our database disk images being blocked that are set on rotation cycles. The file name and the hash changes incrementally. All our disk images are signed, using a certificate by the issuer; this was used previously to stop these executables from being blocked. Is there a way to exclude or allow based on the c...
