Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by letting them view all the alerts from all PANW products in one place, telling the full story of what actually happened in seconds, and allowing a seamless response.

2416 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

1250 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

9 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

107 Posts

Activity in Security Operations

Resolved! Intune MDM

We want to deploy Cortex XDR agents to our Intune-managed mobile phone devices (both iOS & Android). Is there any guide available to do that?

XQL - "After hours" query

This is a fairly dataset-agnostic query snippet to look for events "after hours". You'll need to define what that means and also convert the time zone to your local time. This might not work if you're using UTC in the console; I'm not sure there. It took me some doing to get this working correctly and it's a common thing someone might want to...

How to size Pro per GB

Hi Expert, I would like to know how to size Pro per GB. I know that if I would like to size NGFW, I refer to sls-sizing-estimator and LPS per model, but it seems like when I calculate it is a huge size. I'm not sure how to actually size it and another log source. Please advise me. Thank you

Slow get_alerts API response / Validity check

Hi all, I’m integrating Cortex XDR APIs and want to validate the get_alerts endpoint for connectivity and credentials. I’ve already tested the get_incidents endpoint, and it works fine with our API keys. When I call get_alerts, it always takes ~50 seconds to respond, even with minimal filters (e.g., creation_time >= current_time) and small ...

moradiya by L0 Member
  • 271 Views
  • 1 reply
  • 0 Likes

SHOW ALL ALERTS

Greetings everyone. I'm having a problem with Cortex XDR. Low-level security events aren't appearing on the dashboard; only medium, high, and critical ones do. I'd like all alerts to appear on the dashboard. I only see low-level alerts when I go to the /alerts directory and receive them via email.

I want to block certain certutil commands from being executed through the BIOC Rule

I'm unable to understand why the BIOC rule below can't be added to the restrictions policy. I was trying to write a BIOC rule for monitoring dropped files via certutil: dataset = xdr_data | filter event_type = 2 and event_sub_type = ENUM.NETWORK_STREAM_CONNECT | filter actor_process_image_name = "certutil.exe" | filter ( os_actor_process_command_...

P.Madye by L0 Member
  • 265 Views
  • 1 reply
  • 0 Likes

Is it possible to implement Failover Handling Integration (BYOI)

Is it possible to implement our own BYOI integration with failover handling between multiple engines without a load-balancing group? We are concerned about the sequence of "Run on" engines: it must run on the primary engine first and on the secondary after the primary fails over. We tried to implement a Python-based BYOI with "demisto.executeCommand(..., using=primary)...

B.Kulnin by L0 Member
  • 122 Views
  • 0 replies
  • 0 Likes

Xsoar-web-server to set up a web form submission

I am currently using a setup where a Google Form is hosted and a Google Apps Script sends the data over to XSOAR upon submission of the Google Form. How about the integrated "Xsoar-web-server"? Is there a way we could use this to eliminate the Google Form and Apps Script?

Retrieve screenshots from Notes section

Hi! We are trying to give more importance to XSOAR within our SOC processes. As part of the changes we are introducing, we want all alert documentation to be done from now on in the 'Notes' section of each XSOAR incident. The issue we are facing is that when we include screenshots as part of the evidence in the Notes, those images do not app...

adocasar by L1 Bithead
  • 365 Views
  • 2 replies
  • 0 Likes

WHOIS Integration - Connection Refused Errors

Hi All, I am using the WHOIS integration to use the "domain" command. I sometimes have an array of strings for domains and sometimes a single string, and in most cases WHOIS returns results to me, but I sometimes get a "Connection Refused" issue. I already adjusted settings in integrations, also enabled the suppress option, and also on task level I adjusted retry m...

Syedhkt by L2 Linker
  • 425 Views
  • 1 reply
  • 0 Likes

How to Handle High-Volume Email Events in XSOAR Without Overloading the System

Hello guys, I am currently working on a use case for my organization to handle email threats that bypass our Trend Micro Email Security (TMS) gateway. Context: My organization uses Trend Micro Email Security as the email gateway. Some phishing, spam, and malware emails still bypass TMS filtering and reach user inboxes. These emails are logged...