topic Re: A question from the Alert Tuning Operations Webinar: PA Repository in Cortex XDR Discussions

A question from the Alert Tuning Operations Webinar: PA Repository

rtsedaka — Wed, 22 Jun 2022 21:04:03 GMT

1. Does PA have a repository of IOC to import to XDR?

2. 2. Does PA have a repository of Alert Exclusions to import to XDR? For example well known windows process and BIOC.

*Note: This question was submitted during our customer success webinar: Alert Tuning Operation in Cortex XDR

Re: A question from the Alert Tuning Operations Webinar: PA Repository

afurze — Wed, 22 Jun 2022 21:53:45 GMT

1) This is a feature of Threat Intelligence Management from Cortex XSOAR, you can ingest lists from Palo Alto Networks and other 3rd party sources and pass them in to Cortex XDR. You can reach out to your account/sales team for details

2) Cortex XDR BIOCs as well as Analytics BIOCs are already tested against well known, safe, activity to reduce false positives, there is no action required for most out of the box Windows systems. If you are encountering false positives related to known trusted Windows processes, you can utilize the concepts discussed in the alert tuning webinar to implement appropriate exceptions/exclusions

Re: A question from the Alert Tuning Operations Webinar: PA Repository

SilviuMihailDascalu — Thu, 23 Jun 2022 07:50:39 GMT

To add more context XDR directly integrates with Autofocus, VIrustotal (requires API key from the customer) and Wildfire in order to provide TI information about indicators. More information here.