Cortex XDR – Investigation and Response Known Issues

Known issues with the Cortex XDR – Investigation and Response app.
The following table describes known issues in the Cortex XDR – Investigation and Response app:
| Issue ID | Description |
|----------|-------------|
| | Palo Alto Networks has disabled firewall logs as an alert source for some customers and expects to re-enable firewall logs in the next release. |
| DIT-2422 | On Cortex Data Lake, Endpoint Data Logs display 0MB of logs although Traps data is received. This differs from the allocated logging storage displayed in Cortex XDR – Investigation and Response. |
| XDR-2363 | When an incident includes an alert from a PAN FW alert source that does not identify the operating system for a host, the incidents table excludes the host name in the Hosts field. |
| XDR-2337 | When you create an exclusion policy for alerts that include an IP address, Cortex XDR – Investigation and Response does not suppress alerts that identify the IP address. |
| XDR-2335 | When you try to export records from the Alerts table, Cortex XDR – Investigation and Response does not create the tab-separated values (TSV) file. |
