This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Buy or Renew
Buy or Renew
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
About Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.

Discussions

Start a conversation

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4320 Views
  • 0 replies
  • 3 Likes

Creating an Exception Rule for a PT Automation System

I have recently encountered a unique use case; we are working with a PT Automation System in which PT attacks are simulated on endpoints within the organization. This is causing quite a ruckus on the XDR tenant as expected in terms of alerts. Is there a concrete solution to create an exception rule for actions performed by this host ? We have e...

Allow based on certifcate issuer?

We are currently having an issue with our database disk images being blocked that are set on rotation cycles. The file name and the hash changes incrementally. All our disk images are signed, using a certificate by the issuer; this was used previously to stop these executables from being blocked. Is there a way to exclude or allow based on the c...

Resolved! Response Action

There is an option Response Action under agent configuration, which means we can allow access to a certain application in case the endpoint is isolated. Which application access should ideally be provided in it. Thanks

Resolved! Yara Rules and Cortex XDR

I have seen alerts screenshot on internet where an alert triggered after matching a Yara rules. https://attackevals.mitre-engenuity.org/enterprise/participants/paloaltonetworks?adversary=carbanak-fin7&view=results&scenario=1(Fourth Screenshot) Does Cortex XDR uses Yara Rules? I mean the screenshot answers it but how? Do we need to upgrad...

KanwarSingh01_1-1648928772751.png
KanwarSingh01_0-1648928403368.png

Resolved! XQL Command Line Help

All, Trying to write a XQL query to search for this Windows command line when executed. Can anyone tell me how to distinguish the command line parameters "domain computers" in XQL? Thanks. actor_process_command_line = "%systemroot%\system32\net.exe group "domain computers" /domain"

Resolved! Cortex XDR malware scan

Hello , Does anyone know the difference between the Malware scan initiated from console and Scan initiated by user locally for all drive? Does cortex XDR also scans the memory and registries in the full scan initiated? and how long it should take a system or agent to timeout the scan it it continues in progress for long time. Cortex XDR

EvilExtractor

We have concerns about the Evil Extractor malware posted here: https://www.fortinet.com/blog/threat-research/evil-extractor-all-in-one-stealerI have not been able to find anything on the PA Cortex or Firewall Pages and need to get information back to my CIO that we are protected by PA on this. Thank you for a prompt response.

Resolved! Reporting in Cortex XDR Pro on more pages

Hello dear community, my supervisor needs a monthly report about still vulnerable agents. I got allready an XQL, which I used for the dashboard. config timeframe between "-1y" and "+5d" |dataset = host_inventory| arrayexpand kbs| alter kbnr = json_extract(kbs , "$.name"), install_date = json_extract(kbs , "$.installation_date")| fields ho...

RFeyertag by L4 Transporter
  • 2820 Views
  • 4 replies
  • 0 Likes

Cortex XDR | Azure AD Single Sign On Unauthorized. Error 4011

Hello all, I am trying to setup SSO on my XDR tenant but I am getting the following message when login inUnauthorized. Error 4011 In the console, the status is 401 Unauthorized I followed this video https://www.youtube.com/watch?v=nwF3hY3wgc0 The test user I created for this purpose should have the right access and in the right group, I d...

atayar_6-1687362113867.png
atayar_0-1687361553703.png
atayar_5-1687361819856.png
atayar_1-1687361632598.png
atayar by L0 Member
  • 6866 Views
  • 2 replies
  • 0 Likes

Resolved! WMIC MDE exclusions

Hello dear community, do we need to setup our own bioc, or will this come as a standard rule from PA? https://twitter.com/malmoeb/status/1671453836605550592 BR Rob

RFeyertag by L4 Transporter
  • 3343 Views
  • 2 replies
  • 0 Likes

Resolved! Server certificate for host is not allowed

hi, I have this message on more windows server 2019(vmware environnement), after install cortex 7.1: Server certificate for host is not allowed: error=19, message=self signed certificate in certificate chainHTTP request failed due to an SSL error (0): SSL Exception: error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify faile...

  • 2585 Posts
  • 95 Subscriptions
Top Solution Authors
View All
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2026 - Palo Alto Networks