Global Protect VPN logs from Panorama to Cortex XSOAR

Hello, was reviewing Globalprotect VPN Logs in Panorama and am currently stumped on how to even create an alert or find the logs in which to send to XSOAR. I reviewed the PAN-OS integration, and I can link it to Panorama, but it will collect logs bas

distributed network scan - Network Location Configuration - XDR Agent profile

Hello everyone,

Under the prevention profiles XDR agent has the capability to scan your network and find assets not onboarded using ping or nmap.
This setting also requires that you enable network location configuration.

This is from the docs:

"When

Kernel Module is Disabled - Status STOPPED - help installing

I followed the instructions on the website,and there was a problem

Where is agent v8.5???

Hello all experts,

From Agent Release below, v8.5 supposed to be released by 30Jun2024. 

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Agent-Releases/Cortex-XDR-Agent-Releases

However, 8.5 was not shown from the pull down menu wh

Close an incident when all the linked incidents are closed

Hi,

I want to be able to close an incident when all the linked incidents (child incidents) are closed. Is there a way to achieve this without having to run a post processing script for each linked incident? Post processing scripts introduce a race

Create a PDF File

Hi everyone

What is the best way to create a PDF within a Playboook? What are you all using?

Data format doesn't matter but some customisation about the pdf format would be nice.

BR

Michael

Creating Docker images

I would like to create a Docker image to make a Python Library, which is not pre-installed, available on XSOAR. Therefore, I executed the following command: 
/docker_image_create name=jpholiday base="demisto/python3-deb:3.8.2.6981" dependencies=jpholi

"<-demisto-hyper->" appears at the beginning and end of a markdown field, which makes it impossible to read the markdown during a jsontotable.

Hello,

"<-demisto-hyper->" appears at the beginning and end of a markdown field, which makes it impossible to read the markdown during a jsontotable.

Please assist.

How can I see the device control violations logs from XQL?

Good afternoon,

Is there a way to see the logs that are generated in Device control Violations?

I know that using preset = device_control in XQL we can see devices but this preset does not give me all the data that appears in the Violations section..

Cortex XQL help

Hello Dear Community, I want to count events based on specified time periods. For example I want to query hosts that scanned more than 50 hosts in 10 seconds. How can I write XQL in that case?  

Cortex XDR 

XDR agent was successfully installed on CentOS, but it is visible on endpoints all endpoints

XDR agent was successfully installed on CentOS, but I saw it on endpoints all endpoints. I checked the installation logs to ensure that it was installed successfully.

The XDR agent communicates through the broker VM, and their communication is also

Cortex XDR CE version

How to know if Cortex XDR version is CE.

Will it show on the table when I go to Endpoints ----> All Endpoints and on the Agent Version Field it should have for example 7.9.102CE, if it shows 7.9.102 only then it is a standard version? 

Thank you.

Cortex XDR DNS Collectors

Hi community,

I have a query regarding Cortex XDR collectors. When installing collectors on the local DOM servers, what types of logs does the Cortex XDR console retrieve? How can these logs help with the investigation of incidents?