Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds, and enabling seamless response.

Discussions

License

Hello,

I know that when we buy Cortex XDR Prevent and Pro per GB license, it comes with default data lake. But we cannot access this data lake from HUBs as we did in the past.

And, I know that we can buy Data Lake for Prisma and IOTs. But I won

...

Data Ingestion License Violation

After our Cortex XDR tenant was upgraded to 3.9 we started receiving the following error: "License Violation warning Based on a 7 day average calculation from February 24th 2024 to March 1st 2024, your daily ingestion quota is exceeded."

Looking at

...

jruck by L2 Linker
  • 712 Views
  • 6 replies
  • 0 Likes

Data Lake Activation Button

Hello,

I have Cortex Pro per GB license of 165 GB. I have also bought Cortex Data Lake. When I go to Support Palo Alto--> Products--> Assets tab, I can see Data Lake and its Auth Code. But when I go to https://apps.paloaltonetworks.com/apps , I se

...

Cortex Visio Stencils

I am making customer diagrams for Cortex XDR, XSOAR, and the data lake. I can easily find hardware visio stencils, but nothing for Cortex. Does anyone know where I can find Visio stencils? This link has nothing: https://www.paloaltonetworks.com/compa

...

Resolved! Ingest DHCP logs using XDR collector

Hi,

I am having issues with ingesting DHCP log from our DCs. We are using the XDR Collector app. I suspect that the issue is with the filebeat.yml file but cannot figure out what the problem is. I have tried and followed the guide below and copy-pa

...

DTRH: CIS Benchmarking - 3rd Party Data Ingestion | Data Parsing | Widgets & Dashboards

Overview

In this DTRH we will look at adding valuable data into XDR from

...

Resolved! Firewall logs to Cortex Data Lake log buffering

Hello,

For firewalls managed with Panorama there's a setting in Panorama "Buffered Log Forwarding from Device" which tells the firewall to buffer its log in the case of loss of connectivity with Panorama.

Does anyone know if there is an equivale

...

Block logs to Data Lake from specific endpoint

Hello,

I have a case where logs are delivered to Data Lake from endpoint where we're unable to uninstall Cortex XDR agent. We also can't connect to this endpoint to take manual actions to stop receiving logs from it.

Is there any way to block/preven

...

tntrust by L1 Bithead
  • 1623 Views
  • 4 replies
  • 0 Likes

DTRH: Scripting Anything and Reaping Data

Overview

Customers are always asking for additional capabilities in the product and oftentimes these feature requests may come during a POC where having that capability can be the deciding factor in wi

...
