Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

2481 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

1283 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

10 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

121 Posts

Activity in Security Operations

Vulnerability Assessment in XSIAM 3.3

Does anyone know what happened to the Vulnerability Assessment in XSIAM after upgrading to 3.3? I used to be able to do Inventory → Endpoints+Host Inventory → Vulnerability Assessment, select Endpoints on the upper-right bar and then search by Endpoint Name and view vulnerabilities. This is no longer present in XSIAM 3.3 after the updated Vuln...

Cortex XDR: create endpoint groups

Good morning, maybe someone could help me to find out if there is any option to create several endpoint groups by uploading a file or by other means. From the inventory -> endpoints -> groups, it seems that it is only possible to create one endpoint group at a time. Thanks in advance. Kind regards,

How to escape a wildcard (*)

How could you escape a wildcard in a query? For example, if I am looking for suspicious LDAP queries like (objectclass=*), I need that to be literal and not match on things like objectclass=example. I have tried many different combinations, including just a simple \*, but have not found anything that works.

Defining a Known User Object List for Automated Playbook Logic in XSOAR

I need to define a known user list as an Object List so that the playbook can automatically check it. If the username involved in the incident is found in this known list, the condition should pass and the incident should move forward toward automatic resolution. How do we properly define a list inside the playbook and configure the logic so t...

Chamindu by L1 Bithead
  • 148 Views
  • 0 replies
  • 0 Likes

Playbook to enrich dataset data into alert context

Hi, is anyone able to guide me on how to achieve this perhaps? I want to run a task in a playbook that will do a custom query in a dataset, pull information and add it to the alert context data. Is this possible, and if so, guidelines would be appreciated. Thanks in adv

PA_nts by L4 Transporter
  • 126 Views
  • 0 replies
  • 0 Likes

Enriching context data with info from datasets

Hi, is anyone able to guide me on how to achieve this perhaps? I want to run a task in a playbook that will do a custom query in a dataset, pull information and add it to the alert context data. Is this possible, and if so, guidelines would be appreciated. Thanks in adv

PA_nts by L4 Transporter
  • 126 Views
  • 0 replies
  • 0 Likes

Broker Health Checking

Hello everyone! I am working in an environment that has some broker clusters and local brokers as well. I would like to know how I can implement some way to have a daily health check for these brokers, like whether the broker needs a reboot to update, whether I have any gaps in receiving logs (for example, the last logs received were one day ago), etc...

Advanced Authentication Cortex API

Does anybody have any examples of how they have implemented Advanced Auth for the Cortex API? I only have PowerShell available, so examples using that would be preferred, but I can probably interpret most scripting languages. If not examples, maybe links to articles discussing the process to implement it more generally.

Resolved! Force XDR Agent

Hello. Please, how do I force the XDR Agent to capture all commands on CMD and PowerShell without GPO? For example, we can detect the quser command, but we can't detect the Set-Alias command. The problem is that another vendor can detect any command line running in memory. Best regards.

[Cortex XSIAM] XDR Collector collecting Windows Security Log. XDR Collectors Administration Status displays "Error".

Currently, I'm using the default templates. Despite trying many tests, this error message persists. Am I missing any information? XDR Collectors Administration Status displays "Error". Error Message: Exiting: no modules or inputs enabled and configuration reloading disabled. What files do you want me to watch? XDR Collectors Administration ...
