Suspicious URL detection by cortex

Seth_Sakshi — Fri, 07 Jul 2023 10:55:07 GMT

Hi All,

Will cortex be able to detect if there is any malicious URL clicked by user?

Also, would like to know how cortex detect the ransomware attack.

Regards,

Sakshi Seth

Re: Suspicious URL detection by cortex

BPry — Fri, 07 Jul 2023 13:49:35 GMT

@Seth_Sakshi,

Cortex XDR isn't meant to do any web filtering. I think it's assumed that you have your endpoints routing traffic through another PAN product (firewall, GlobalProtect, Prisma Access) and that these other products are already providing that coverage for you in the event you need it.

With ransomware detection there's a few different methods that XDR will use. Obviously if the file is known to be malicious it'll just block the execution, it'll look at the processes from a behavioral analysis aspect, and then it deploys (very small) decoy files across every single directory.

The overview that I've attached is slightly older, but it'll give you a good fundamental overview.

topic Suspicious URL detection by cortex in General Topics

Suspicious URL detection by cortex

Re: Suspicious URL detection by cortex