Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing seamless response.

2597 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

1299 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

10 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

155 Posts

Activity in Security Operations

Cannot add BIOC rule to restriction profiles

Hello, I'm receiving malware incidents with files signed by the same signer entity. However, Cortex XDR often only detects these files without blocking them. I want to prevent this behavior by creating a BIOC rule that detects processes with that specific signer and converting it into a prevention rule. However, when I try to add the BIOC rule...

S.Alves by L0 Member
  • 91 Views
  • 0 replies
  • 1 Likes

Cortex XDR MITRE ATT&CK v16 -- We're Now on v19. Can We Talk About This?

Hey LIVEcommunity, I have been sitting on this for a while and finally decided to write it up because I am pretty sure I am not the only one running into this. If you are a detection engineer or SOC analyst building BIOCs in Cortex XDR and leaning on MITRE ATT&CK to organize your detection coverage, this one is for you. So Here Is What Ha...

D.Ogle by L0 Member
  • 151 Views
  • 0 replies
  • 1 Likes

XSOAR community or Trial Version

Hi All, From posts/discussions a year or so ago it looks like there was an XSOAR community edition or trial edition available for people who want to evaluate or learn the platform. However, I cannot find anywhere to download the version or any other way to build a PoC environment. Is there anything out there that I can use for PoC purposes? Thanks

hamza_b by L0 Member
  • 118 Views
  • 0 replies
  • 0 Likes

Dead Space

This has been bothering me for a while. Look at all this useless space that is taken up now! 1/3 of the screen is useless. I wish I could scroll it away, but we are forced to deal with it. The information I need to actually review is even further down in the bottom 40% of the screen.

XSIAM - Data Patterns

Hi. Please, a question about Data Patterns in Cortex XSIAM. Once the connection from the Broker VM to the Windows server (SMB) is configured, and the connection is verified and displayed under Modules -> Data Security -> Storage Buckets, how is it linked to previously created Data Patterns and Data Profiles? Thank you in advance. Regards.

Quarantined Files not appearing in Action Center

Hi there, We are having issues with files being quarantined on BIOCs but they are not appearing in the Action Center-->File Quarantine. We have verified both Broker VM and local machines experiencing this issue are not anywhere near storage quota. We can see the quarantine appearing in the trapsd.log file and we can see the packets making...

M.Crow by L1 Bithead
  • 206 Views
  • 1 replies
  • 0 Likes

Is there an API to add IPs to Cortex XDR EDL programmatically?

Hi community, I'm looking for a way to programmatically add IP addresses to the Cortex XDR External Dynamic List (EDL) via the XDR public API — ideally using a Python script. Currently, I can see that the EDL is referenced in the Audit Log API as an AUDIT_ENTITY value, but I cannot find any dedicated API endpoint to add or manage IPs in the EDL ...

Username Generalization Playbook

Hey all, I'm hoping that someone has already started something like this and can get me a few steps past the starting line, but as we know, in a corporate environment there are various ways that usernames come across (abc123, first.last, domain/abc123, domain/first.last, fqdn, etc.) from different log sources. This creates complexity for playbo...

Can I filter on hostnames in an array?

I'm running the following script; it should display the critical vulnerabilities on MacOS systems.

//List critical vulnerabilities on all MacOS endpoints
config case_sensitive = false
| dataset = va_cves
| filter os_type = ENUM.MACOS and severity = ENUM.CRITICAL
| fields severity, name, description, affected_products, type, severity_score, os_type, affecte...

dataset xdr_data field auth_outcome_reason codes table

We often see entries in dataset xdr_data where auth_outcome = "FAILURE" and auth_outcome_reason contains a code number (e.g. 14, 18, 25, …). It seems that these codes are PAN internal, and I could not find a table explaining where these codes come from and what they mean. Does anybody know the explanation of these codes? Thanks

atschopp by L0 Member
  • 179 Views
  • 1 replies
  • 0 Likes

Resolved! Cortex XDR Pro – Does it scan USB devices upon insertion?

Hi team, I would like to confirm the behavior of Cortex XDR Pro regarding USB devices: Does Cortex XDR perform any automatic malware scan when a USB device is connected to an endpoint? If not, what protections are applied at connection time (e.g., device control, behavioral detection, execution monitoring)? Is scanning of removable media only p...

Application Fingerprinting

Hello Community, I want to understand if application fingerprinting can be achieved in Cortex. If yes, what is the approach for achieving a default block for all unknown applications? Thanks and Regards.

MacOS uninstall password reset

Greetings! I have a problem with the Cortex XDR uninstall password on MacOS. The agent got corrupted while upgrading, and from then on it is not upgrading to a new version; that's why I was trying to uninstall the Cortex agent and then reinstall a new one. sudo "/Library/Application Support/PaloAltoNetworks/Traps/bin/cortexxdruninstaller_tool" I used this...
