Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Please sign in to see details of an important advisory in our Customer Advisories area.
Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

1771 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

940 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

6 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

14 Posts

Activity in Security Operations

Cortex XDR Upgrade from Pro to per GB

Hello dear community, 


we would like to ingest logs for more visibility. 

Actually we have Cortex XDR Pro. 

How does the upgrade path look like to get the ability to ingest FW and Windows Event logs? 

How much more we need to pay and how does the l


RFeyertag by L4 Transporter
  • 0 replies


Hi All,


We want to enable this feature on XDR, can someone please guide us with the pre-requisites and what steps need to be followed to enable this feature?




Cortex XDR dashboard into Grafana?


L0 Member

am ‎04-08-2024 11:02 AM

Hello, I don't know if I'm in the right place...

I would like to integrate our Cortex XDR dashboard into Grafana. I know this is possible via an API, but which connec



Phisphing feeds and enrichment

Hello, I need your help. I need feeds for domain classification and another feed for phishing, to determine whether domains, emails have been compromised or not. What do you recommend for Cortex XSOAR  


What feed and integration people use??

I need


XSOAR Upgradtion Issue

Cortex XSOAR 8 will have a new FQDN and IP Address in the new platform. May I know is there any existing playbook have pulled the XSOAR data, and export to third-party platform automatically? If yes, it may require to re-configure the IP Address.




Syedhkt by L1 Bithead
  • 1 replies

XSOAR Incident Re Run

soemtimes for testing purpose we need to create similar incident again but I am stuck at this phase. I have exisiting incident and i want to re run it(either manually create, duplicate and re run it or just simply re run exisitng incident, or importi


Syedhkt by L1 Bithead
  • 1 replies

XSOAR - GET-GPO DisplayName



I've created a playbook to analyze some alerts related to SOC and GPO, but the alerts come with ObjectGUID and I need to convert the GUID to DisplayName.

In PowerShell, the command is simple: (Get-GPO -Guid "$GUID").DisplayName.

I tried running


BIOC API access

Hello Folks,

In the Cortex API documentation there is not mention of how to make BIOC rules using APIs or how to access them.

I was wondering if anyone has been able to use the API to create BIOC rules.

Creating a Queue on Slack Integration

Hello all, 

I am working with Slack from the playbook level where a message summarizing an incident is sent followed by Slackask automation to ask users on a channel to confirm the information with two interactive buttons. Take note that the flow has


XDR - Unable to clear user's APPDATA

Unable to clear user's APPDATA...for tshoot (application upgraded) we need delete all files and folder on users APPDATA , but the system prevent this.


I try stop services and delete files/folders, but not work.(XDR create a incident - Suspicious Fi