CORTEX XDR - Best practices

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

CORTEX XDR - Best practices

L0 Member

Hi everyone !

 

I'm a beginner on CORTEX XDR, and need some help for 2 things !

 

- First, my client want to know if it's possible to schedule a Malware Scan based on the CPU use. I mean, they have around 500 computers, which are used in so many different teams, with various work hours. They need to schedule scan when the computer is alive, but when its use is low (during a break for example) ? But there is no official time for break... So is it possible to setup this kind of scan ? If not, would you have some advises ?

 

- I would like to know how to setup a Web protection with the CORTEX XDR ? For example : Web analyse, Browser exploits protection, Malicious Web Page Protection....

 

Thanks for your help !

Have a nice day.

1 REPLY 1

L4 Transporter

Hello @MxC604 

 

Thanks for reaching out on LiveCommunity.

Below are the answers to your queries:

1. It is not possible to initiate a malware scan based on CPU usage. There are 3 ways for initiating a scan using XDR.

a. On demand scan from endpoint administration table or from action center.

b. Periodic scan that we can configure in malware security profile.

c. End user initiated scan for specific file or folder from endpoint.

Periodic scan is the best option for you. You can create multiple malware security profiles specific to timezones and then schedule scan for weekends or during off duty hours.  Below is the reference guide for creating a malware security profile.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-M...

 

If you want to know more about how to scan an endpoint, please refer below link.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Scan-an-End...

 

2. XDR is an EDR tool which do not analyse web traffic as such like firewall however it protect browsers against common exploitation techniques. Moreover, you can ingest firewall logs and can create correlation rule to have insights into web traffic. To learn more about how to set up exploitation profile and see which all processes are protected by XDR by default, please refer to below link.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-E...

 

Let me know if you have more questions.

 

  • 1851 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!