Device control violation alert\bioc
Im looking for a way to alert when a device control violation occurs
Currently ive not found a xql query that works
Discussions
Resolved! Enabling MFA in support portal
Hi,
I want to enable MFA in my account to access support and XDR account.
But I am unable to setup.
Can anyone help to solve it?
Trapsd.log contains allowed files in restriction profile
Is it normal behavior that the trapsd.log file contains the list of allowed files in my restriction profile.
Since this is only names of files and not hashes, an attacker could take advantage of this list
Resolved! Process Hunting - Powershell + WGET typing manualy
Hello dear community,
is there a way to hunt for a manually started powershell.exe where a attacker started wget.
In this case I opened cmd and typed this CMD in. Cortex XDR recognized it.
But when I manualy open powershell and type in manualy wg
...
Resolved! Cortex XDR 3.2 Tenant and License questions
Few questions . Thanks in advance
1) We have Cortex Prevent 3.2 , so if we move to Pro from Prevent , do we have to use a different agent ? We are using agent version 7.6.1 . Any other thing we need to worry about or make note about in this context ?
...Resolved! Duo admin/auth logs in Cortex XDR
Hello!
Has anyone started ingesting Duo admin or authentication logs into Cortex XDR?
Duo provides a log sync utility but it doesn't support an API key like the HTTP Custom Collector would require and it doesn't write logs to disk (design decision) so
Resolved! Mail - Incident handling
Hello dear Community!
I hope I am not the only one with this problems in the incident area:
1. When you get a incident message on your mobile phone, I get really angry because scrolling in the frame of the text-message is really stressful. Scrolling
...Resolved! Correlation rules create incident
Hey dear sec community!
is there a way to setup an correlation rule, which can block and not only detect?
I couldn't find a way. I tried the XQL queries from the libary.
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investi
...Confluence Server and Data Center - CVE-2022-26134
Wondering where Cortex is at with this Critical vuln from Atlassian? We are actively moving forward with mitigations, but would like Cortex to be able to take action as well if needed.
Confluence Security Advisory 2022-06-02 | Confluence Data Center
...Cortex Linux Agent Debian Package messed up
Hi,
Starting with Version 7.7 the downloadable Package is still named *.deb, in fact it is a tar.gz containing the following:
-config file
-readme
-deb-file
Which means, you cannot just install the so-called "deb package", but you have to create a directo
...CVE-2022-30190 - Microsoft Support Diagnostic Tool Vulnerability
Does Cortex XDR Prevent protect against CVE-2022-30190 (Microsoft Support Diagnostic Tool Vulnerability)?
Thank you!
Cortex does not block Windows binaries
To mitigate cve-2022-30190 i wanted to add the file hashes of the msdt.exe binary to the blocklist; but with no effect until now.
The hashes occure in the logfile of the agent below hashcontrol as enabled, but verdict has a value "0".
Is it possible, t
XQL - Hunt for Possible Spring4Shell Vulnerable Application
Brief:
Spring4Shell Vulnerability Exists in the Spring Framework. Java based application are developed using this framework, we would not see direct installation of spring framework on the system but as part of a Java application. (At least what I hav
...A large number of port scans
Hi guys!
Recently, we often encounter incidents associated with a large number of port scans in Cortex XDR. We assume that this started after the last update. Does anyone else have something similar?
Thank you!
Cortex blocking hashes in allowed list
Hello ,
Just wondering why does cortex block hashes that are already part of allow list sometimes ?
Copyright 2007 - 2023 - Palo Alto Networks