Resolved! Is it possible to block IOC from Cortex XDR?
I'm trying to block a domain across our environment. I don't want to use URL filtering on the PA FW, but I want to use an XDR IOC to block it. Is it possible to do that?
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP addresses or domain names here. Contact your Customer Success team for network-specific questions.
Hello dear community,
As you know, on weekends and holidays the priority of alerts rises.
Is there a way to trigger XQL rules that only fire on weekends and on self-selected holidays?
Like, on weekends, anybody who opens PowerShell trigg
...
We intend to perform scheduled scanning on all endpoints. So we wondered whether active scanning is required on all endpoints repeatedly, or whether Cortex runs its own scan whenever a new file is created or added to the system.
Are there any talks about Cortex XDR support for Windows 11 ARM?
Hello,
I have used the query below to get the number of the operating system.
dataset = endpoints
| filter endpoint_status = CONNECTED
| alter operating_system = to_json_string(operating_system)
| alter operating_system1 = regextract(operating_system ,
If we keep Agent Status (Configure the Cortex XDR Agent license revocation and deletion period) connection lost as 30 days and Agent Deletion days as 180 days, will the entry be deleted from the console? Will it also delete the logs for the deleted entries? Be
...
Does anyone know a way to search DNS requests from an endpoint? It seems like it should be possible with an XQL query, but I can't find the right fields.
I have whitelisted the choesity agent but it keeps triggering
PowerShell script executing with iex from suspicious script source - Behavioral threat detected (rule: dotnet_iex_suspicious_source)
Sep 30th 2022 16:04:40 SYSTEM powershell.exe 25384 29488 Proc
Is there any way that I can search a bulk of endpoints in Cortex XDR in one go, or any other way to search the endpoints? Entering them one by one in the console and searching is very hectic.
Hi all,
Is it possible to use a Broker VM just for the network mapper without using it as a real Broker VM?
I don't need to modify the way my Cortex installation works; I just want to scan my network for missing Cortex installations.
Thanks
Hi,
We are using the delete endpoint option on all endpoints by right-clicking,
but they keep appearing back in XDR. Any reason why?
Hi,
I wonder if there is a method to export the excluded alerts from a Cortex XDR tenant and import those exported excluded alerts into another Cortex tenant.
If I export the alerts from the console, filtering the alerts with excluded=yes, I can download a .ts
...
Hi all
I am trying to install Cortex agent 7.8 on Server Core 2022, but it fails with little explanation.
Has anyone succeeded with it?
=== Verbose logging started: 21-10-22 10:56:37 Build type: SHIP UNICODE 5.00.10011.00 Calling process: C:\Wind
...
Hello ,
Please help us with the process of blocking IOCs coming from various campaigns in Cortex XDR.
Regards,
Shashank