Security Operations

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

2206 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

1176 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

9 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

57 Posts

Activity in Security Operations

Vulnerability Assessment Cortex XDR

I see there are two datasets regarding vulnerability assessment in Cortex XDR: "va_cves" and "va_endpoints". What is the difference between these two? Also, is there some dataset or anything in Cortex XDR that I can use to find out if a CVE vu

...

Rare Admin Login in Environment

Hi guys, could anyone help me with the query I'm trying to do. 

I'm looking to build an alert based on the rarity of a login in the environment. For instance, raise an alert if "admin" logged in to a device, but that action hasn't been seen in the dev

...

a2123k1 by L0 Member
  • 170 Views
  • 1 replies
  • 0 Likes

Cortex xdr agent certificate

Hi all,

I have some doubts regarding the Cortex XDR agent certificate. I have gone through multiple blogs, which provided some insights, but I am still unable to see the complete picture. Below are the key facts I have gathered so far:

  1. New Certifica

...

Resolved! Cortex XDR along side MS Defender for Endpoint

Hi

We are in a position where we would want MS Defender for Endpoint (the EDR, not just the AV) to fully work alongside Cortex XDR.

We dialed Cortex XDR's protection down to work "passively" by re-configuring all modules to the "report only" as o

...

tmeksik by L2 Linker
  • 303 Views
  • 2 replies
  • 0 Likes

Not able to export custom field in the report

Hello team,


I attempted to export the values of custom SLA fields into a CSV report. When I tried to create the report through the UI, it displayed the timer values, but when I actually generated the report, it only showed the run status (running or

...

SGupta by L1 Bithead
  • 1383 Views
  • 2 replies
  • 0 Likes

Email confirmation:

Hello Everyone,

When we request the Palo Alto team to review or change the category of an executable that has already been tagged as 'Malware', why don't we receive an email confirmation from the platform acknowledging the receipt or change of the

...
