Security Operations
Post questions, provide answers, share best practices, and connect with peers and experts in this area dedicated to Cortex XDR, XSOAR, and Xpanse discussions.

Browse the Community

Cortex XDR Discussions

Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.

2449 Posts

Cortex XSOAR Discussions

Cortex XSOAR enables SOC analysts to manage alerts across all sources, standardize processes with playbooks, take action on threat intel, and automate response for any security use case.

1267 Posts

Cortex Xpanse Discussions

Cortex Xpanse builds a system of record that is the authoritative source for an organization’s global Internet assets; it knows your attack surface so you can own it before someone else.

9 Posts

Cortex XSIAM Discussions

Cortex XSIAM, the autonomous security platform powering the Modern SOC, operates across cloud and enterprise security operations, providing true end-to-end management of threats wherever they originate.

110 Posts

Activity in Security Operations

Limit the use of memory of Cortex XDR pro agent

Hi, We have a large memory consumption in SQL servers and micro-services. The question is whether it is possible to limit the memory consumption for these specific cases, or if there is another recommendation to create a profile with some exceptions for the SQL process? Actually in some cases the agent is using 3 GB or more of memory. Thanks for your...

Resolved! Evasion Technique - 1244315488

Hi, We are getting a few alerts for "Evasion Technique - 1244315488" - "Evasion technique using reflective loading." While investigating I can see that a base64 encoded PE file is written in the registry by taskhosw.exe under "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\UCPD\DR\000" -The registry key is not super well documented (UserCh...

Cortex XDR - Automation Rules

Greetings, I'm trying to configure "Automation Rules" for "High" severity issues for the automatic isolation of endpoints. Right now it's configured as the following images show, but they're not triggering the playbooks nor rules. Any ideas or suggestions on why it's not triggering?

L.Aguero by L0 Member
  • 212 Views
  • 3 replies
  • 0 Likes

XSOAR Dev to Prod - Builtin content repository

Hi, I'm looking into how we can use the built-in content repository to push content from the development to the production tenant. In this scenario, Palo Alto will handle the content repository. If I want to manage branching, is it possible to do so without using a private GitHub repository? I would appreciate any insights on this.

Resolved! Can Cortex XDR fully substitute for Microsoft Defender Attack Surface Reduction (ASR) rules?

Hello Cortex XDR Community, We are in the process of transitioning our endpoint security stack and are using Cortex XDR as our primary AV/EDR solution, with Microsoft Defender offboarded. Our goal is to have a single, fully functional security control plane within Cortex. We have a detailed set of Microsoft Defender Attack Surface Reduction (ASR...

atief by L0 Member
  • 389 Views
  • 1 replies
  • 0 Likes

Any.run Cloud Sandbox Integration - Instructions not Clear

Hello LiveComm, I am attempting to establish the Any.run integration on my XSOAR. I am using the latest version and have an issue with the instance properties. Firstly, there is no "Use system proxy settings" and the instance requires URL, User, Password API Key, API Key ID. Every value here is obligatory and it is not clear how to make this wor...

Deduping in Playbooks

I'm confused as to how to use the DedupBy command/script in my Playbook. I have a set command that grabs all the UPNs from a list of alerts in the data. This results in the Context data of: Defender:{UPNs:[0:"user1@domain.com", 1:"user2@domain.com", 2:"user1@domain.com", 3:"user3@domain.com"]} I'd like to Dedup this list to use later on in my Playbook b...

sackett by L1 Bithead
  • 95 Views
  • 0 replies
  • 0 Likes

How to delete Endpoints that have old agent and could not be uninstalled

Hello, I have 2 endpoints with old versions: - 7.3.0.16740 on a server - 8.6.0.3704 on a computer. I could not upgrade them and have no more access to those computers (in another country). I asked the admin to uninstall; he did not. How to remove the link between the Agent and the Cortex XDR server to recover the licenses? Thank you in advance for any help

S.MASSON by L0 Member
  • 201 Views
  • 1 replies
  • 0 Likes

xql query for process

Hi. I just try to do some basic threat hunting. dataset = xdr_data | filter action_process_image_name in ("a.exe", "b.exe") | fields agent_hostname, actor_effective_username, action_process_image_name, action_process_image_command_line, _time | sort desc _time So I try to identify two different processes happening at the same endpoints. How to do...

T.Nurmi by L1 Bithead
  • 186 Views
  • 1 replies
  • 0 Likes

Cortex XDR Marketplace

"I recently installed the Microsoft Teams add-on in the Cortex XDR Marketplace, but I'm not sure how to configure it or where to navigate. After adding the add-on, where can I find it and how can I use it?"
