Discussions
Check out LIVEcommunity discussions to find answers, get support, and share knowledge related to Palo Alto Networks tools and products.

Browse the Community

General Topics

Post a discussion here if you have general questions regarding configuration and troubleshooting for Palo Alto Networks products. Use this forum to collaborate with like-minded security professionals to improve your security posture.

24393 Posts

Custom Signatures

The Custom Signatures discussion is a resource for security professionals to discuss the creation process of custom signatures in their PAN-OS appliance.

176 Posts

VirusTotal

Have you encountered a false positive verdict for Palo Alto Networks (Known Signatures) on VirusTotal? Use this forum to submit a verdict change request. Change requests should include the File Hash, Link to VirusTotal report, current VirusTotal verdict, and description.

799 Posts

Network Security

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to all things Network Security.

5184 Posts

Cloud Delivered Security Services

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Palo Alto Networks’ Cloud Delivered Security Services.

654 Posts

Secure Access Service Edge

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Prisma Access and Prisma SD-WAN.

572 Posts

Security Operations

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

4585 Posts

Activity in Discussions

Open Telemetry - OTLP

Has any XSIAM tenant had a plan to utilize OpenTelemetry Collectors to populate data into a VM Broker or any other method to utilize logs sourced via OTLP? Technically could convert the OTLP to syslog out to VMBroker but not sure yet what is lost in that.

Urgent need of help trying to reach tech support without a case #

I have a PA-820 but I can't create a ticket because I can't get past the account activation. I'm stuck in a loop because my device serial number doesn't match my customer ID for some reason. Our workforce is without network due to this device and I can't get past the internet to get actual help. How can I talk to a human at Palo Alto to get ...

no incidents generated since May 20?

Our Cortex XDR instance stopped generating incidents when detecting malware and other threats. (Somewhat similar to "Cortex XDR - Blocked Hashes on newer systems do not show in Incidents" - except in our case, this is across the board on all devices, for all threats and behaviors.) (If we initiate a malware scan on the affected device, an incide...

Cortex XDR and Microsoft Defender Coexistence and Performance

Hello Cortex XDR Community, We recently were asked to have official guidance regarding the coexistence of Cortex XDR Agent and Microsoft Defender on Windows endpoints. My questions to the community and experts are: - Is the coexistence of Cortex XDR and Microsoft Defender Antivirus officially supported? - Is the coexistence of Cortex XDR and Micr...

Captive portal reauth

I'm using captive portal in Palo Alto and every 3-4 hours I receive this: I need to reauth. Why is this happening? Any timeout or cookie? Where should I check?

BigPalo by L4 Transporter
  • 43 Views
  • 1 replies
  • 0 Likes

Orphaned Cortex XDR Agent enforcing USB read-only on personal laptop

Hello, I have a personal Windows 11 Pro laptop with Cortex XDR Agent 9.2.0 installed. The agent is no longer connected to any management server and the GUI shows: Connection: No connection to server However, Device Control is still active. Every time I connect my Samsung T7 Shield external SSD, I receive the notification: "Cortex XDR | Device Co...

Resolved! Not seeing Cortex MCP Server Download

Hi all, the Cortex MCP Server download under Settings → Configurations shows on commercial tenants but is missing entirely on our FedRAMP / Federal tenant (not a permissions issue). Is it on the roadmap for Federal environments, and is there an expected timeline for rollout? Thanks!

IPSec Dynamic Peer VPN, failure to send traffic over attached tunnel interface

Is anyone aware of a known issue with sending traffic over an IPSec tunnel interface when using multiple dynamic peers with FQDN (host) peer identification? I have multiple existing branch locations connected to the PA with IKEv2 IPSec tunnels using dynamic FQDN (host) peer identification from Cisco branch routers. Up to now it has worked fine...

Options to parse Syslog messages containing linebreaks

Hello everyone! I am facing a problem and hope someone can provide me with answers I have yet to find. I am parsing syslog data into XSIAM, from a certain kind of our systems. One of the entries in the original data for one of these systems may contain a linebreak (\n). As this linebreak is not (properly?) escaped, this breaks the original messag...

DLP (DataPatrol) signed DLL injection into Word blocked by agent — permanent exception?

Our DLP watermarks documents by injecting a signed DLL into WINWORD.EXE on print. The Cortex agent blocks the injection — page prints with no watermark, DLL never loads. Works fine with the agent removed. Persists in Report mode, generates no alert/prevention event. Tried a Disable Prevention rule (signer + thumbprint, all modules, global) — no ...

False Positive Generic.ml

File Hash: <9bde4525c8016df30458d17f76c8db49be65ae5366320cf5fe18c21be19d8122> Link to VirusTotal report for the file: https://www.virustotal.com/gui/file/9bde4525c8016df30458d17f76c8db49be65ae5366320cf5fe18c21be19d8122 Current VirusTotal Verdict: <Undetected> Description: < Darryl O’Neill is the author of this program who works...