https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/dealing-with-execution-vulnerability-in-cortex-xdr/m-p/323038#M51 <P>Hi Everyone,</P><P>&nbsp;</P><P>How do you guys deal with&nbsp;Vulnerability reports in Cortex XDR?</P><P>After we got Cortex XDR integrated with out PA firewall, I can see some high alerts associated with different vulnerabilities.</P><P>The traffic is dropped, thanks to PA firewall. But, what is the best way to approach this.</P><P>I can block the host IP's who are performing the attack. But, I would have to do it every time.</P><P>What is the best way to deal with it? I was thinking of checking patches on our workstations but other than that can't find a clue.</P><P>&nbsp;</P><P>One Example:</P><P>Draytek Vigor Remote Command Execution Vulnerability</P><P>Category: Vulnerability</P> Thu, 16 Apr 2020 03:33:53 GMT Sailesh_Aryal 2020-04-16T03:33:53Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/dealing-with-execution-vulnerability-in-cortex-xdr/m-p/323038#M51 <P>Hi Everyone,</P><P>&nbsp;</P><P>How do you guys deal with&nbsp;Vulnerability reports in Cortex XDR?</P><P>After we got Cortex XDR integrated with out PA firewall, I can see some high alerts associated with different vulnerabilities.</P><P>The traffic is dropped, thanks to PA firewall. But, what is the best way to approach this.</P><P>I can block the host IP's who are performing the attack. But, I would have to do it every time.</P><P>What is the best way to deal with it? I was thinking of checking patches on our workstations but other than that can't find a clue.</P><P>&nbsp;</P><P>One Example:</P><P>Draytek Vigor Remote Command Execution Vulnerability</P><P>Category: Vulnerability</P> Thu, 16 Apr 2020 03:33:53 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/dealing-with-execution-vulnerability-in-cortex-xdr/m-p/323038#M51 Sailesh_Aryal 2020-04-16T03:33:53Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/dealing-with-execution-vulnerability-in-cortex-xdr/m-p/323187#M52 <P>Hi there,&nbsp;</P><P>&nbsp;</P><P>The current version of Cortex XDR does not have vulnerability scanning.&nbsp; You do have defensive measures against vulnerabilities/exploits via the built in Exploit Prevention Modules (EPMs).&nbsp; On the technique-based exploit side, the EPMs focus on three areas:&nbsp; memory corruption, logic flaws, and malicious code execution.&nbsp; There are several other methods as well.&nbsp; Please check your exploit profile for more info.</P><P>&nbsp;</P><P>The blocks you are seeing in the firewall are derived from signatures.&nbsp; You can view threat details at&nbsp;<A href="https://threatvault.paloaltonetworks.com/" target="_blank">https://threatvault.paloaltonetworks.com/</A>.&nbsp;</P><P>&nbsp;</P><P>It may also be worth exploring the newly released Threat Intel Management (TIM) via Cortex XSOAR.&nbsp; You can expand your protections and leverage the threat intel data to proactively block malicious IOCs.</P><P><A href="https://www.paloaltonetworks.com/company/press/2020/palo-alto-networks-introduces-cortex-xsoar--redefines-security-orchestration-and-automation-with-integrated-threat-intel-management" target="_blank">https://www.paloaltonetworks.com/company/press/2020/palo-alto-networks-introduces-cortex-xsoar--redefines-security-orchestration-and-automation-with-integrated-threat-intel-management</A></P><P>&nbsp;</P> Thu, 16 Apr 2020 15:29:32 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/dealing-with-execution-vulnerability-in-cortex-xdr/m-p/323187#M52 dfalcon 2020-04-16T15:29:32Z