Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Hello dear community,
Has anyone of you a ready to upload script for IOCs to cortex XDR (directly) from a file? Could you share it?
How and where do you handle the doublettes?
BR
Rob
Hi All,
There are incidents on XDR Console which have alert dated 10-12 days back. Need to understand the time gap and why this incident was not observed on the same day.
Thank you
Hello,
Can you please help with co- relation rule for detecting one host scanning multiple ports
Regards,
Shashank
Our company's developer is creating a test application, but Cootex is blocking it because it is unsigned. Please let us know how to resolve this.
Hello,
I would like to know about the browser version present in the system. Is it possible to get this detail from cortex XDR console?
Thanks in advance!
Regards,
Sakshi Seth
What I've found in the information available in the Reports of XDR seems to be fairly high level data.
I'm looking to get some more detailed information.
Kind of like what I can get by filtering my Endpoints and manually saving to file.
Is this possi
...
Hi,
There were endpoints that were visible earlier in the console couple of days back but now we are not able to see them.
Also, I can see their latest entries on the agent audit logs
Thanks
Hi All, we are planning to enable the auto-upgrade feature in our environment. One of the questions I was asked is what directory does the package get pushed to and installed from?
For example, does a package get pushed to C:\Windows\Temp and then
...
Hello
How can we perform agent upgradation on VDI pending logins servers in cortex xdr?
Cortex XDR
By compliance, we need to set periodic endpoint scans. We have several endpoints which have network shared folders in common, and we wouldn't like to scan the same network shared folder several times at the same time. We would like to kno
...
I tried to activate syslog collector applet in Broker VM but the connection status goes from connecting to connection failed/error. Kindly help if you have troubleshooted this issue.
Cortex XDR
Hello,
I know this migth not easy to answer, but I'm going to take my chance anyway.
Are there any incident best practices for (each) Cortex XDR detector documented ? For example what a certain detector means, what the best thing is to do in this case,
Hello community, does anyone have more information pertaining to Ransomware Protection (Protection Mode) between "Aggressive" vs "Normal"?
From what I understand is that aggressive mode will have decoy files being created on the local machine.
is it possible to create a query to detect a specific java injection process?
Regards,
Shashank
| User | Likes Count |
|---|---|
| 5 | |
| 3 | |
| 2 | |
| 2 | |
| 2 |
