Security Operations

Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by letting them view all the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allowing a seamless response.

2202 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

1174 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

9 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

57 Posts

Activity in Security Operations

Not able to export custom field in the report

Hello team,

I attempted to export the values of custom SLA fields into a CSV report. When I tried to create the report through the UI, it displayed the timer values, but when I actually generated the report, it only showed the run status (running or

...

SGupta by L1 Bithead
  • 1363 Views
  • 2 replies
  • 0 Likes

Email confirmation:

Hello Everyone,

When we request the Palo Alto team to review or change the category of an executable that has already been tagged as 'Malware', why don't we receive an email confirmation from the platform acknowledging the receipt or change of the

...

Rare Admin Login in Environment

Hi guys, could anyone help me with the query I'm trying to do?

I'm looking to build an alert based on the rarity of a login in the environment. For instance, raise an alert if "admin" logged in to a device, but that action hasn't been seen in the dev

...

a2123k1 by L0 Member
  • 100 Views
  • 0 replies
  • 0 Likes

BIOC not supported

Good afternoon,

I'm trying to create a BIOC rule that tells me when users are trying to access the wetransfer.com and dropbox.com DNS. To do this, I generated the following XQL. When run, it shows me the logs of the connections to these DNS.

data

...

On-demand file Examination policy

Hi,

I've got 3 questions.
1. I want to schedule a daily scan on servers with Cortex XDR. I'm aware that Cortex only has options for weekly and monthly, so I tried creating a new profile for each day mapping them to the same servers but some are bein

...

jannette by L0 Member
  • 121 Views
  • 1 replies
  • 0 Likes

Legacy Agent Exceptions or New menu??

Hi, what's your opinion?

Legacy Agent Exceptions or Global Exceptions Menu??

What's the difference? Which one is better?

Some support people suggest activating Legacy in Cortex XDR #, but I'm not sure if I should. Would I lose any of the settings

...

tlmarques by L4 Transporter
  • 1058 Views
  • 3 replies
  • 0 Likes

Resolved! Exclusion process cortex?!

Hi,

How can I create an exclusion in Cortex XDR to stop it from scanning a specific executable??

We have critical software in our company, and we've noticed that Cortex is constantly analyzing it, causing high CPU and memory usage on the machine.

How can we excl

...

tlmarques by L4 Transporter
  • 1498 Views
  • 2 replies
  • 0 Likes

Cortex xdr agent certificate

Hi all,

I have some doubts regarding the Cortex XDR agent certificate. I have gone through multiple blogs, which provided some insights, but I am still unable to see the complete picture. Below are the key facts I have gathered so far:

  1. New Certifica

...

Custom Parsing Rule - Cohesity

This was a fun project. Looks like it is mostly working correctly. Cohesity syslogs come in as a big blob in one field so I messed with some parsing rules to give them their own datasets

The only known issue I'm seeing so far is the logs get dupl

...
