XQL query for hunting MS-DFSNM
Hello dear community,
has anyone of you a XQL Query for this type of attack?
https://www.bleepingcomputer.com/news/microsoft/new-dfscoerce-ntlm-relay-attack-allows-windows-domain-takeover/
BR
Rob
This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- Security Operations
- Cortex XDR Discussions
Options
- Mark all as New
- Mark all as Read
- Float this item to the top
- Subscribe to RSS Feed
- Threaded format
- Linear Format
- Sort by Topic Start Date
Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Palo Alto Networks Approved
Community Expert Verified
About Cortex XDR Discussions
Cortex XDR allows you to rapidly detect and respond to threats across your networks, endpoints, and clouds. It assists SOC analysts by allowing them to view ALL the alerts from all PANW products in one place, telling the full story of what actually happened in seconds and allows seamless response.
Please note: All postings in LIVEcommunity are visible to other users; please keep your network secure by refraining from posting live IP address’s or domain names here. Contact your Customer Success team for network-specific questions.
Discussions
Can Cortex XDR proactively log Global Protect client debug?
We have several hundred Global Protect users using Auto VPN. It would be nice to
see their global protect logs, ipconfig /all, netstat -rn information before calling them
back on a filed ticket. Can Cortex collect these logs on a regular basis without
...Blocking executions without showing any alerts
Hello , is there any way in cortex XDR to block executions without whitelisting/blocking the hash/file path and not get
any incident or alert and at the same time.
Resolved! Not see any information on Host Insights
Hi,
I turn on the Host Insights free trial and not see any information on Host Insights,
when i did that to other customers ther all working well but at this one its not working, what is the problem?
i did calculated again, i turn that on week ago.
Broker VM questions - Tenant switch for agent
Hello
Please share any experience or advice for below situation and how best to approach this .
Currently agents are connected to UK Cortex XDR tenant via a Broker VM installed on premise . Now the need is to use EU Cortex XDR tenant ,this will
...New solutions
Latest Comments
- anlynch on: Ingesting Syslog to Private/Internal Syslog
- anlynch on: User validity via VPN /RDP.
- anlynch on: Cortex Domain controllers exceptions
- neelrohit on: Modifying Policies and Profiles on XDR
- KErickson1 on: Finding if a URL was visited using XQL in Cortex
- neelrohit on: Rollback feature for agent upgrade
- timurphy on: File search based on Host
- mavraham on: Intense SSO failures
- mavraham on: Cortex XDR agent error 307
- anlynch on: Auto Agent Upgrade in 3.6 version
Top Liked Posts
| Subject | Likes |
|---|---|
| 3 Likes | |
| 2 Likes | |
| 2 Likes | |
| 2 Likes | |
| 1 Like |
Top Liked Authors
| User | Likes Count |
|---|---|
| 7 | |
| 5 | |
| 3 | |
| 3 | |
| 3 |
Labels
-
Best Practice
1 -
Cortex Data Lake
3 -
Cortex XDR
16 -
Cortex XDR Webinars
2 -
Events
1 -
IoT Security
1 -
Isolation
1 -
Management
2 -
PA Firewall
1 -
PAN-Os
1 -
question
7 -
Setup & Administration
2 -
SIEM
1 -
threat prevention
2 -
XDR
2 -
XDR Events
2 -
XDR Webinars
1
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks