Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds, and allows seamless response.

2508 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

1287 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

10 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

133 Posts

Activity in Security Operations

Cortex Pop-ups Triggered for StoreDesktopExtension.exe Despite Being Blocklisted

Users are continuing to receive Cortex alert pop-ups for StoreDesktopExtension.exe even after the executable was added to the Cortex block list. Observations: The file is already present in the Cortex block list. Alerts/pop-ups are still being triggered on user endpoints. Is it related to Windows Security Update? Restarting the machine is re...

XSOAR Packs compatible with XSIAM

I have been digging into the marketplace more recently, specifically with the TIM add-on. I noticed that the marketplace shows multiple different playbooks for the "TIM - Indicator Auto-Processing" pack on the marketplace website. However, inside of the XSIAM console, the marketplace only shows one playbook. Are the playbooks cross compatible? Are...

all incidents are missing

Hi everyone, all incidents from our Cortex XSOAR instance are missing or are not shown, but we don't have any filter. The info is still on the server because we can see all the .db files; we tried to re-index the database but this didn't solve the issue. Any ideas what might be happening? Thanks

Cortex XSIAM XQL: How to find incidents where playbook failed / errored?

I’m new to Cortex XSIAM and XQL, and I’m still learning how things work. I need some help with an XQL query. I’m trying to create an XQL query where I can see: Incident ID, Incident name, Playbook execution status (failed / error), Playbook name, Error message or failure reason (if available). I checked the incidents dataset, but I couldn’t f...

R_BhlpMe by L0 Member
  • 285 Views
  • 0 replies
  • 0 Likes

How to Configure XQL to detect logs not reporting rule

I am able to retrieve logs successfully using XQL in Cortex XSIAM. However, I need to configure an analytics rule that triggers when any single expected source stops sending logs (for 10 minutes, 1 hour, 4 hours). Detect when any one host / source stops reporting logs. Alert should be raised per missing entity. Should work with Scheduled Analyt...

XSIAM Dashboard

Hi, I'm working on creating a dashboard for the concept below. Has anyone already tried this or have any insights they can share? Sudden spike for data ingestions; data ingestion exceeded threshold; data source with correlation rules per source.

Why do the same Windows Server data collected using XDRC and WEC agents show different statuses in the following fields?

Why do the same Windows Server 2022 Std (Traditional Chinese) data collected using XDRC and WEC agents show different statuses in the following fields? _Collector_type = `WEC`: Event Log display is `English`, fields include `Message` and `_RAW_LOG`. _Collector_type = `XDR Collector`: Event Log display is `Traditional Chinese`, fields only have `Mes...


Playbook Task - Filters and Transformers help needed

Hi all, I have a playbook task that runs an XQL query against a dataset to take info from the alert context data, do a search against a specific dataset, then take the output of the '_broker_device_name' field, and then this is written to my parentincidentcontext data. This works. However, I am struggling with a simple task, and this is for a ...

PA_nts by L4 Transporter
  • 1472 Views
  • 1 reply
  • 0 Likes

XDR Certification - new version

Has anyone started the new Cortex XDR Analyst certification? I have seen some information related to the exam, but in the past there were training videos available to help with preparation. At the moment, to prepare for the exam, do we need to complete the two courses: Cortex XDR EDU-262, Cortex XDR EDU-260? Could someone please confirm?

tlmarques by L4 Transporter
  • 1181 Views
  • 1 reply
  • 0 Likes

XQL Query

Can we fetch grouped issues with the help of an XQL query? Like if the same issue is running again and again in a short period of time, it comes with +1 or +2 on the console. So are we able to find those +1 or +2 issues which are grouped into a single issue with the help of an XQL query? Cortex XDR