Device control violation alert\bioc
Im looking for a way to alert when a device control violation occurs
Currently ive not found a xql query that works
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Im looking for a way to alert when a device control violation occurs
Currently ive not found a xql query that works
Hi,
I want to enable MFA in my account to access support and XDR account.
But I am unable to setup.
Can anyone help to solve it?
Is it normal behavior that the trapsd.log file contains the list of allowed files in my restriction profile.
Since this is only names of files and not hashes, an attacker could take advantage of this list
Hello dear community,
is there a way to hunt for a manually started powershell.exe where a attacker started wget.
In this case I opened cmd and typed this CMD in. Cortex XDR recognized it.
But when I manualy open powershell and type in manualy wg
...
Few questions . Thanks in advance
1) We have Cortex Prevent 3.2 , so if we move to Pro from Prevent , do we have to use a different agent ? We are using agent version 7.6.1 . Any other thing we need to worry about or make note about in this context ?
...
Hello!
Has anyone started ingesting Duo admin or authentication logs into Cortex XDR?
Duo provides a log sync utility but it doesn't support an API key like the HTTP Custom Collector would require and it doesn't write logs to disk (design decision) so
Hello dear Community!
I hope I am not the only one with this problems in the incident area:
1. When you get a incident message on your mobile phone, I get really angry because scrolling in the frame of the text-message is really stressful. Scrolling
...
Hey dear sec community!
is there a way to setup an correlation rule, which can block and not only detect?
I couldn't find a way. I tried the XQL queries from the libary.
https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investi
...
Wondering where Cortex is at with this Critical vuln from Atlassian? We are actively moving forward with mitigations, but would like Cortex to be able to take action as well if needed.
Confluence Security Advisory 2022-06-02 | Confluence Data Center
...
Hi,
Starting with Version 7.7 the downloadable Package is still named *.deb, in fact it is a tar.gz containing the following:
-config file
-readme
-deb-file
Which means, you cannot just install the so-called "deb package", but you have to create a directo
...
Does Cortex XDR Prevent protect against CVE-2022-30190 (Microsoft Support Diagnostic Tool Vulnerability)?
Thank you!
To mitigate cve-2022-30190 i wanted to add the file hashes of the msdt.exe binary to the blocklist; but with no effect until now.
The hashes occure in the logfile of the agent below hashcontrol as enabled, but verdict has a value "0".
Is it possible, t
Brief:
Spring4Shell Vulnerability Exists in the Spring Framework. Java based application are developed using this framework, we would not see direct installation of spring framework on the system but as part of a Java application. (At least what I hav
...
Hi guys!
Recently, we often encounter incidents associated with a large number of port scans in Cortex XDR. We assume that this started after the last update. Does anyone else have something similar?
Thank you!
Hello ,
Just wondering why does cortex block hashes that are already part of allow list sometimes ?
User | Count |
---|---|
7 | |
5 | |
3 | |
3 | |
3 |
Subject | Likes |
---|---|
15 Likes | |
9 Likes | |
3 Likes | |
3 Likes | |
2 Likes |
User | Likes Count |
---|---|
15 | |
9 | |
7 | |
6 | |
5 |