Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by letting them view all the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing seamless response.

1708 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

910 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

5 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

13 Posts

Activity in Security Operations

Upgrading from Cortex XDR prevent to XDR pro

Hi All,

Finally we will be upgrading our Cortex XDR Prevent to the Pro version. Though we would be getting professional services support on this, I need to understand the entire project plan for this. Can anyone help me understand as I would be leadin

...

AsifSid by L2 Linker
  • 3023 Views
  • 9 replies
  • 0 Likes

Loading Loop upon login to Cortex xSOAR

Hello Team,

We're experiencing an issue upon logging in to Cortex where it will just loop the home page. Upon checking the developer tools, we find the below error.

450 Unauthorized

This server could not verify that you are authorized to access the docume

...

Xpanse Business Units

Hi,

Currently we have 2 Business Units "Azercell" and "Baktelekom" on the "Inventory > Owned IPv4 Ranges" tab. We've created 2 different tags in the Tags field named "Azeronline" and "Aztelekom" in that tab. Is it possible that these 2 tags created as 2 sep

...

Using RPA from Cortex XSOAR

Hello LC,

I am working on a unique deployment that requires the use of RPA to do a few actions that are not supported by API on the target systems. Has anyone successfully created an integration or similar for Crayon or other RPA systems? I can see that

...

Where is the id_set.json file utilized?

The purpose of id_set.json is defined here https://xsoar.pan.dev/docs/documentation/pack-docs#how-do-you-find-pack-dependencies. So it's kind of like package-lock.json in NodeJS. However, where do we need to use it? I can only see it's being used in

...

TPhan by L0 Member
  • 251 Views
  • 1 replies
  • 0 Likes

Using Cortex with DeTTeCT and dettectinator

I am using the DeTTeCT approach to assessing our coverage against ATT&CK: GitHub - rabobank-cdc/DeTTECT: Detect Tactics, Techniques & Combat Threats. In this approach, you need to start with a set of yaml files that have your datasources and detectio

...

Cortex XSIAM XQL Query Issue

Hi Team,

I was searching some logs and I found the query I was running initially was just different from the later (2nd) query; however, I was not getting any results the first time but got results with the 2nd query. My motive here is just to understand wha

...

XSOAR - Using a script to run playbook

I want to be able to click on an Indicator (i.e. a domain) in the Incidents page, run a script to kick off an approval process, once approved, continue to block.

I've come to the conclusion that script execution in XSOAR is not synchronous; the scr

...

Scan status details of Cortex XDR

Hi Team,

Can I get more information on scan status for the below scenarios?


. If the scan initiated and before completion the endpoint got disconnected what will be the status?

.. when the endpoint connects back, whether the scan automatically resum

...

Aneesh by L1 Bithead
  • 231 Views
  • 4 replies
  • 0 Likes

Playbook condition data input

Hi Team,
We've created a playbook condition in which if the risk is greater than zero, the IP should be added to the list created below; otherwise, it should be added to another list. The inputs are in an array. How can I make them into single ele

...