Enhanced Security Measures in Place: To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.
05-15-2020 12:29 AM
Hi Team,
I know we can block IP addresses with new feature called host firewall,.Since the ip is dynamic , its not a good option for me. Is it possible to block url or domain in cortex xdr?
05-18-2020 08:48 PM
The current version of the product can only block an IP Address. You can, create an IOC that will alert on this. If you use XSOAR, you could also action on the IOC.
05-18-2020 08:48 PM
The current version of the product can only block an IP Address. You can, create an IOC that will alert on this. If you use XSOAR, you could also action on the IOC.
01-24-2022 01:50 AM - edited 01-24-2022 02:47 AM
Great thank you! Hope they add the new feature to block also domains if not URL with the host firewall. Till then if the customer also has Palo Alto firewalls maybe this is an option for the Cortex XDR to generate EDL lists that the Palo Alto firewall (Palo Alto Firewall and Cortex XDR integration) can consume:
Also it is good to enable the firewalls access to the Cortex XDR and for the firewall to send its logs to the Cortex Data Lake so the Cortex XDR can see the network taffic:
https://www.paloaltonetworks.com/blog/2020/03/cortex-busted-by-cortex-xdr/
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
