Cortex XDR Discussions

Resolved! Using XDR Host Insights and XQL to report of machines with specific software

Hello All

I would like to use host insights to provide a list of each machine with a specific software installed.

For example computer that have software containing 'docker'

I can go to host insights, Applications, filter to include 'docker' and see

...

Do Palo Alto plan to add endpoint DLP option to the Cortex XDR/Traps offering?

In many cases the firewall based DLP or Prisma Access cloud based DLP is good enough but in some cases like if the web site can't be decrypted or a local corporate site that does not go through the Prisma Access an endpoint DLP is great.

So I hav

...

Resolved! Penetration testing for publicity

Hello!

are we allowed as cortex xdr customers to penetrate the security suite through other researchers/analysts like TPSC https://thepcsecuritychannel.com/ ? They will also put a video on youtube.

Thanks

BR

Rob

Threat Intelligence Feed (IP-Adresses)

Hello!

we have bought a DNS SEC product with a TI Feed (with bad IPs - about 900k).

How can we integrate this into Cortex XDR?

It is a textfile, which can be downloaded through a simple link.

IP1

IP2

...

We need a way to put this IP-Check somewhere on t

...

Can recognize Signer but not signature

I have a security event, I clicked in and found that the CGO signature is unsigned, but when I create an alert exception, it recognizes the signer, why is that? The signature is not recognized, but the signer can be recognized

Blocking Bluetooth Device in XDR???

Hello,

Seems XDR - Device control only block USB-related devices on the Endpoint, is it blocking any new Bluetooth devices if the GUID is unknown?

any ideas?

Cortex XDR

Resolved! Test alerts in Cortex xdr

Is there a built-in way to generate a test alert either from an agent installed on a client machine or through the XDR portal itself?

I currently have an agent ver 7.6.2 installed on a windows box and I'd like to create a test alert that will be visi

...

Resolved! Admin password changes

I received an email yesterday saying the passwords for admin accounts will need to be updated before April14th.

I just wanted to confirm that only admin passwords are being changed. Will there be any changes to integration API keys?

Cortex xdr did not detect malware, what good is it?

Cortex XDR did not detect malware, what good is it?

I got this scan with mal warebytes. 41 detected.

Resolved! Best Simulated (Fake) Malware To Use With Cortex XDR

Hi all,

Do you all know what the best simulated malware is to use in testing out rules/responsiveness/etc on Cortex XDR and where to download these fake malware from. Ideally it'll be benign specially constructed so they trigger same alerts as actual

...

Cortex Subscription license doubt

We have deployed more than 800 agents in the network. Currently, we have a trial license but they will purchase the license the next month.

If the actual license will come did we have to again reinstall the agents.

C:\ProgramData\Cyvera\Prevention folder piling up after installing cortex XDR

Hi Team,

After installing cortex XDR, I can see C:\ProgramData\Cyvera\Prevention folder is getting filled up fast in one of the servers. There are a lot of activities on this server and Traps is catching some malicious activities often. This will def

...

Resolved! XDR 3.2 Broker VM Kernel version

Hello ,

We are using Cortex XDR Prevent 3.2 with 2 Broker VMs for Proxy access .

I guess Broker VMs are Linux appliance . So is there any way to find the Linux kernel version which these VMs are running ?

Thanks in advance for response

XdrAgentCleaner Execution Monitoring

Is anyone monitoring XdrAgentCleaner execution? And if so i have a question, lets say when we run the XdrAgentCleaner, before the agent cleans all the Cortex traces, does it sends the EDR telemetry to cloud so in case if XdrAgentCleaner is used malic

...

Cortex XDR - Ticket system integration or linking options

Hi there,

I am just getting started into what Cortex XDR can do. One item I cannot find a clear answer to so far is how XDR handles alerts forwarding or some API integration between it and, for example, Freshdesk/ServiceNow/Autotask etc.

Is this poss

...

Discussions

Resolved! Using XDR Host Insights and XQL to report of machines with specific software

Do Palo Alto plan to add endpoint DLP option to the Cortex XDR/Traps offering?

Resolved! Penetration testing for publicity

Threat Intelligence Feed (IP-Adresses)

Can recognize Signer but not signature

Blocking Bluetooth Device in XDR???

Resolved! Test alerts in Cortex xdr

Resolved! Admin password changes

Cortex xdr did not detect malware, what good is it?

Resolved! Best Simulated (Fake) Malware To Use With Cortex XDR

Cortex Subscription license doubt

C:\ProgramData\Cyvera\Prevention folder piling up after installing cortex XDR

Resolved! XDR 3.2 Broker VM Kernel version

XdrAgentCleaner Execution Monitoring

Cortex XDR - Ticket system integration or linking options

Where is agent v8.5???

Cortex XDR agent's CE versions missing from the list & version downgrading

Target while adding Allow/Block list

Portal XDR - Customer Feature Request

Integrate palo alto firewall with cortex xdr for utilize EDLs

Re: Cortex XDR agent's CE versions missing from the list & version downgrading

Required Windows Event IDs for the best Cortex XDR detection performance

Re: Query on the difference in Cortex XDR Agent

Re: xql query for file \ folder name.

Re: xql query for file \ folder name.

Unlock your full community experience!

Resolved! Using XDR Host Insights and XQL to report of machines with specific software

Resolved! Penetration testing for publicity

Resolved! Test alerts in Cortex xdr

Resolved! Admin password changes

Resolved! Best Simulated (Fake) Malware To Use With Cortex XDR

Resolved! XDR 3.2 Broker VM Kernel version