Resolved! helps generate an XQL to notify when a USB is connected

I am trying to use Cortex XDR so that when a user connects a USB storage device I receive a notification by email.

so far I have used this XQL:

preset = device_control
| filter event_sub_type = ENUM.DEVICE_PLUG

which tells me when any USB device

Resolved! Zero-Trust Strategy for Prisma

Hi all

I have been tasked with providing a Zero-Trust strategy document to management, related to how to implemenet this on our Prisma Access solution. 

I am looking for some examples that I can pull from that anyone has done this already for.

I have

Resolved! Retention period for traffic logs on Panorama

Hello Experts

What is the rention period for traffic logs on Panorama, I mean how many days it will keep the traffic logs from firewall. Actually I need to do the harden the security rules by looking the traffic logs.

Resolved! Undetected APP dependency?

Hi. So we ran into an issue and we're not sure if there's a missing app dependency in the Palo Alto db or if we're missing something.

What happened was, we migrated one Policy from port to APP-based. On the Apps seen it only had one detected app (

Resolved! HA active/active dual ISP load balancing

Hi all,

I am considering network design that have:

- Dual ISP (public IP /29 for each)

- 2 x PA with active/active HA

- PA connects directly to L2 networks (LAN)

Requires:

Load sharing between 2 ISP Internet links

Problems:

Is it possible to conf

Resolved! Is the Cloud Identity Engine required for filtering by Group when using Entra without LDAP?

I feel like I've read every document on this forum but I can't seem to find a solid answer to this question. I'm sure someone will link 4 other posts.....  臘‍♂️

I am using SAML Auth to Entra for GlobalProtect.  I can auth to the Portal if I specify

Resolved! Clone a Device Group?

Hi Guys,

I have Panorama with a few device groups; how do I clone one of them from GUI so I can do testing without impacting a production device group?

Thanks