Blocking Powershell Execution
Hi,
Is it possible to block PowerShell execution on all endpoints through Cortex XDR? If possible, kindly give the process to do the same.
Thanks
Hello,
We need to block PowerShell execution on some endpoints. How can we block the PowerShell DLL files so that PowerShell cannot be loaded?
We have created a BIOC rule, and it is flagging legitimate PowerShell executions also. Can we exclude
...
Hi, we have multiple failed connections from one host to several local IPs.
The below cmd was in the initiator:
C:\WINDOWS\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
Does anyone have any tips or things they do to get the most out of the add-on? I'm just getting it configured, as my company purchased a few licenses for it. I think I've got it configured correctly in the agent settings, but I'm also second guessin
...
We have an Amazon EC2 server with 16 GB RAM, but the Cortex agent is sometimes consuming more than 500 MB.
Can anyone answer what the normal RAM usage for the Cortex agent is?
Version: Cortex XDR 7.9.1.26645
Hi Expert,
I want to filter out some info from a dataset, such as "message:111.111.111.11". I want to extract just the IP address with a regex and remove "message:". How do I filter it in XQL?
Thank you
Hello Team,
Is there any way to get a report/notification in the XDR console whenever a user disables the agent on their system? Do let us know if there is any way to track this activity.
Hello Everyone,
I am trying to find a way to search for multiple of the same file hashes across multiple field types, but can't seem to figure it out. I was thinking it could be something like:
dataset = xdr_data | filter where action_file_sha25
...
Hello, I am attempting to write a query in which I display the host inventory applications and the Group Names field from the endpoint dataset. I have used Union and Join On on separate occasions, but without success.
What can I do without affecting
...
Hello,
How much time does it take for the machines to take a latest content update from the console?
Hello dear community,
Does Cortex XDR Pro also handle protected event logging?
https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.core/about/about_logging_windows?view=powershell-7.3#enabling-script-block-logging
BR
...
We were monitoring the XDR Agent Audit logs and found out that a lot of agents have this alert, Quota Exceeded: "XDR service cyserver was stopped on ****."
Can anyone explain why this can happen?
Hi all, I'm having a discussion with one of the Palo Alto support team members about an agent that is installed but disabled on one of our Windows endpoints. There are a number of endpoints with disabled agents out there, but I opened a ticket for this
...
Hello!
Can I add a list of hashes to the block list?
Maybe from a CSV?
Do I have to add every hash manually?
I have a list of 80 IOCs of a ransomware, and I would like to add them to the block list at once.
Is it possible?
Thanks in advance.
Hi community,
I am attempting to create a BIOC detection for CVE-2023-2033.
I can see via Host Insights that there are some machines running versions vulnerable to this exploit; however, I am looking to create a BIOC that triggers based on chro
...