10-04-2021 08:47 AM
Hi community,
Can I check is there any one create a alert if a user copied more than a certain number of files into a USB drive?
Thank You, Cheers!
10-04-2021 09:31 AM
Hi @BoonHwee Cortex XDR analytics offers the ability to detect and alert anomalies with USB storage activity. The following are just two XDR analytics alert references:
Please note, Cortex XDR analytics requires an XDR Pro license, and the USB Storage Device alerts have required data sources (Palo Alto Networks Firewall Logs and XDR agent), and a required detection module with the Identity Analytics.
In terms of XDR Device Control, the feature is designed to block or allow USB-connected removable devices depending on how you have configured your Device Configuration - Extensions profile. If I understand the scope of your question correctly, then the device control configuration option is not available at this time. If you would like to request feature enhancements to device control / alerting, then please coordinate with your XDR SE or Customer Success POCs where applicable.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
