Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by letting them view all the alerts from all PANW products in one place, telling the full story of what actually happened in seconds, and allowing seamless response.
Discussions

Welcome to the Cortex XDR Discussions!

To make this forum valuable and enjoyable for everyone, please review the following guidelines before participating: Rules and Best Practices Be Respectful: Treat fellow community members with professionalism and courtesy. Constructive discussions are encouraged; disrespectful or inflammatory comments are not. Stay On-Topic: This board is d...

JayGolf by Community Team Member
  • 4375 Views
  • 0 replies
  • 3 Likes

License

Hello, I know that when we buy Cortex XDR Prevent and Pro per GB licenses, they come with a default data lake. But we cannot access this data lake from the Hubs as we did in the past. And I know that we can buy Data Lake for Prisma and IoT. But I wonder, can we buy a data lake where we can access it from the Hubs and see XDR logs and data (including in...

Data Ingestion License Violation

After our Cortex XDR tenant was upgraded to 3.9 we started receiving the following error: "License Violation warning: Based on a 7-day average calculation from February 24th 2024 to March 1st 2024, your daily ingestion quota is exceeded." Looking at the Data Ingestion Dashboard, it appears our NGFW data ingestion is reporting to has significantl...

jruck by L2 Linker
  • 4216 Views
  • 6 replies
  • 0 Likes

Data Lake Activation Button

Hello, I have a Cortex Pro per GB license of 165 GB. I have also bought Cortex Data Lake. When I go to the Palo Alto Support Portal > Products > Assets tab, I can see Data Lake and its Auth Code. But when I go to https://apps.paloaltonetworks.com/apps, I see no Activate button under Data Lake. I want to integrate a Palo Alto firewall with XDR and s...


Cortex Visio Stencils

I am making customer diagrams for Cortex XDR, XSOAR, and the data lake. I can easily find hardware visio stencils, but nothing for Cortex. Does anyone know where I can find Visio stencils? This link has nothing: https://www.paloaltonetworks.com/company/press-kit.html

Resolved! Ingest DHCP logs using XDR collector

Hi, I am having issues with ingesting DHCP logs from our DCs. We are using the XDR Collector app. I suspect that the issue is with the filebeat.yml file but cannot figure out what the problem is. I have tried and followed the guide below and copy-pasted the example code, but no logs are showing up. The yml has been checked and the syntax is corre...

Your Cortex Data Lake integration with Cortex XDR is about to expire

We received a Cortex XDR email with the message: "Your Cortex Data Lake integration with Cortex XDR is about to expire. To avoid any data loss, it is recommended that you copy your device configurations directly into Cortex XDR" There was also a similar warning message that had a link to manually migrate which took me to Configurations > Da...


DTRH: CIS Benchmarking - 3rd Party Data Ingestion | Data Parsing | Widgets & Dashboards

DTRH: CIS Benchmarking 3rd Party Data Ingestion | Data Parsing | Widgets & Dashboards

Overview

In this DTRH we will look at adding valuable data into XDR from performing CIS Benchmarking across systems. Even outside of CIS Benchmarking data, customers are looking to bring data (telemetry, alerts, logs, ...) into the Cortex Data Lake and XDR ...


Resolved! Firewall logs to Cortex Data Lake log buffering

Hello, for firewalls managed with Panorama there's a setting in Panorama, "Buffered Log Forwarding from Device", which tells the firewall to buffer its logs in the case of loss of connectivity with Panorama. Does anyone know if there is an equivalent feature when sending logs from firewalls to Cortex Data Lake? I'm not seeing anything in docum...

Block logs to Data Lake from specific endpoint

Hello, I have a case where logs are delivered to Data Lake from an endpoint where we're unable to uninstall the Cortex XDR agent. We also can't connect to this endpoint to take manual actions to stop receiving logs from it. Is there any way to block/prevent this endpoint from uploading logs to the Data Lake? From my knowledge, we could implement Exclusion...

tntrust by L1 Bithead
  • 3154 Views
  • 4 replies
  • 0 Likes

DTRH: Scripting Anything and Reaping Data

DTRH: Scripting Anything and Reaping Data

Overview

Customers are always asking for additional capabilities in the product, and often these feature requests come during a POC where having that capability can be the deciding factor in winning the deal. Getting a feature request delivered into the product can be a long cycle; often you ...
