XQL query for hunting MS-DFSNM
Hello dear community,
does anyone have an XQL query for this type of attack?
https://www.bleepingcomputer.com/news/microsoft/new-dfscoerce-ntlm-relay-attack-allows-windows-domain-takeover/
BR
Rob