Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

2325 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

1220 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

9 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

84 Posts

Activity in Security Operations

Repeated False Incidents with Unknown Verdicts

Hi everyone,

I’m currently facing an issue with Cortex XDR where I regularly receive incidents flagged as suspicious,

 

This particular one shows:

  • WF (WildFire) Verdict: Unknown

  • VT (VirusTotal): 0/64 detections

Every week, I keep seeing similar in

...

Resolved! Access a list from an integration

To access a list from an automation I use something like:

json = json.loads(demisto.executeCommand("getList", {"listName": "blabla"})

However, from an integration I cannot use the executeCommand method. Is there any way to access a list from an inte

...

rdevega by L1 Bithead
  • 3383 Views
  • 6 replies
  • 0 Likes

Cortex XDR API requests

Hi everyone,

 

There is an problem im facing with. The problem is -- Some of API requests are not shown in "Management Audit Logs". There is another API's which ones can be shown in "Management Audit Logs". Is there other option for this case? To col

...

OrkhanM by L1 Bithead
  • 168 Views
  • 1 replies
  • 0 Likes

Wildfire API for scanning before upload

Hi,

 

I want to scan files before they get processed or uploaded to a linux server, if the file is malicious it is blocked from being uploaded, if clean then it gets uploaded and processed.

Cortex XDR Prevent has on-write feature for windows only. I

...

jannette by L0 Member
  • 131 Views
  • 1 replies
  • 0 Likes

Cortex XDR Device Control Violation Query

Hi Team,

How can I check device control violations using an XQL query? I have tried the query preset = device_controlbut I am only seeing details for USB device violations. I am expecting to see Bluetooth violations as well. Is this possible? If yes,

...

Questions about IOC/BIOC Suppression rules

We are doing a (somewhat rushed) Cortex XDR implementation, and I am new to EDR things (in general). 

 

I created an IOC/BIOC Supp rule today for an issue with running the Guardian Browser (I'll let you know if it works), and while there I see 52 Sys

...

How to remove Old versions of Cortex Agent

Hello everyone,

 

We're facing issues upgrading older versions of the Cortex agent on Windows endpoints — particularly versions 7.x and in some cases 8.x. These agents fail to upgrade both automatically and manually.

Requesting a cleaner for each min

...

Port scan alert

Hi everyone,

 

There is some situation in our case.

 

For example there is 2 windows host. Host1 and Host2. Host1 have XDR. But Host2 not. If Host2 executes port scan action (it doesn't matter which tool is using -- nmap, zenmap and etc) to Host1 in

...