Use Case and Purpose of xdrhealth.exe

Recently i have noticed that there is another folder which has been created under PA Cortex folder as below:

"C:\Program Files\Palo Alto Networks\Cortex XDR Health Helper"

Inside the Folder there is PE which is xdrhealth.exe, what is the purpose of t

Create a correlation between xdr agent and palo alto url filtering

Hi,

I need to get the correlation between url that are being access and found through url filtering in PA FW and xdr agent that shows me which machine are accessing this url.

In Cortex XDR I can see the the log from PA Firewall, source ip it is our

Non Reporting Machines

Alerts(incidents) are getting generated from the machines which are Not showing in the endpoints(Not reporting to console)list. what would the issue or backend path

Anti-ransomware aggressive mode files backup issues

Hi to everyone.

We have anti-ransomware feature set in "aggressive mode" 

The aggresive mode files cause the backup software of PCs to fail, and thousands of "There was a general error processing this file. Please retry it and if the problem pers

Command to Install 7.8 agent on top of the existing agent for Linux servers

Hello,

Can we please get the command to Install 7.8 agent on top of the existing agent for Linux servers.

Need to Change the Uninstallation password?

If the client needs to uninstall the Cortex XDR it asks for the password, So need to change that password, what is the path and will be any impacts on the systems which are with agent installed?

Uninstalling Cortex XDR

Hi All,

The customer is trying to uninstall the old agent version as they are not reporting to the console and installing the latest version. 

There are 1000+ machines in the infra and they are planning to do this via a centralized tool. 

Please su

XQL Query: Issue with arrayindexof() function in host_inventory dataset

Whenever we use arrayindexof() function with host_inventory dataset we get an error (Failed to run) but whereas when we run with dataset of xdr_data we get a success response message.

Please run the below XQL query: (Status == Success)

How to find the Cortex XDR client Policy Profile name from Windows without Local Admin

As different Cortex XDR Policy profiles can be pushed to different users, it is sometime required to find out what is the current XDR Policy Profile used by a particular endpoint.

If the endpoint has local administrator privilege, we could just sea

Please share your useful XQL queries!

Hello!

as a beginner with Cortex XDR I asked me, what are interests of others in the query section. 

If you have some interesting and useful queries, please share and describe them in a short way. 

Thank you!

BR

Rob

False Positive: Suspicious File Modification' generated by XDR Agent - Module Anti-Ransomware Protection

Hi we see a problem with a powershell Script we are using to clean up Profiles on some specific Remote Session Host Servers.

It will be blocked by Cortex XDR Pro and so I want to make an Exception for this.

Unfortunately it seems only possible to do a