https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377684#M455 <P>I find that as of 17 Dec, there was at least two different BIOC Rules that were added. &nbsp;Are you seeing those in your instances?</P><P>&nbsp;</P><P>SunBurst domain access</P><P>SunBurst Module loaded</P> Mon, 04 Jan 2021 16:49:03 GMT KRisselada 2021-01-04T16:49:03Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377671#M454 <P>Hi</P><P>&nbsp;</P><P><SPAN>Does Traps Cortex XDR, has prevention for&nbsp;</SPAN><SPAN>SolarWinds Orion Backdoor Supply Chain Attack (Sunburst/ Solorigate)?</SPAN></P> Mon, 04 Jan 2021 16:33:16 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377671#M454 OsamaKhan 2021-01-04T16:33:16Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377684#M455 <P>I find that as of 17 Dec, there was at least two different BIOC Rules that were added. &nbsp;Are you seeing those in your instances?</P><P>&nbsp;</P><P>SunBurst domain access</P><P>SunBurst Module loaded</P> Mon, 04 Jan 2021 16:49:03 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377684#M455 KRisselada 2021-01-04T16:49:03Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377722#M457 <P>HI&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/116059">@OsamaKhan</a>,</P><P>&nbsp;</P><P>Palo Alto Networks' Unit 42 published a blog about this recently where it was stated that the Cortex XDR agent offers protection using several modules. From Unit42:</P><P>&nbsp;</P><P class="lia-indent-padding-left-30px">"Cortex XDR customers are protected using the product’s WildFire integration, as well as through the Local Analysis, the Password Theft Protection module, and the Behavioral Threat Protection (BTP) engine. Protections are continually being evaluated, developed, and deployed for Cortex XDR."</P><P>&nbsp;</P><P>Read more here: <A href="https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/?utm_source=bambu&amp;medium=social&amp;campaign=advocacy&amp;blaid=1043288" target="_self">https://unit42.paloaltonetworks.com/fireeye-solarstorm-sunburst/?utm_source=bambu&amp;medium=social&amp;campaign=advocacy&amp;blaid=1043288</A></P> Mon, 04 Jan 2021 19:03:47 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377722#M457 gjenkins 2021-01-04T19:03:47Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377754#M459 <P>In addition to the Unit 42 blog, please see the latest information about new agent protection mechanisms, new XQL queries and detection rules at:&nbsp;<A href="https://blog.paloaltonetworks.com/2020/12/cortex-solarstorm-variants-imitators/" target="_blank">https://blog.paloaltonetworks.com/2020/12/cortex-solarstorm-variants-imitators/</A></P> Mon, 04 Jan 2021 20:38:54 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/does-cortex-xdr-prevents-solarwinds-orion-backdoor-attack/m-p/377754#M459 kcross 2021-01-04T20:38:54Z