CORTEX XDR - Best practices



L0 Member

Hi everyone !

 

I'm a beginner on CORTEX XDR and need some help with 2 things!

 

- First, my client wants to know if it's possible to schedule a Malware Scan based on CPU use. I mean, they have around 500 computers, used by many different teams with various working hours. They need to schedule the scan when the computer is on but its usage is low (during a break, for example). But there is no official break time... So is it possible to set up this kind of scan? If not, would you have some advice?

 

- I would like to know how to set up web protection with CORTEX XDR. For example: web analysis, browser exploit protection, malicious web page protection....

 

Thanks for your help !

Have a nice day.

1 REPLY

L4 Transporter

Hello @MxC604 

 

Thanks for reaching out on LiveCommunity.

Below are the answers to your queries:

1. It is not possible to initiate a malware scan based on CPU usage. There are 3 ways of initiating a scan using XDR:

a. On-demand scan from the endpoint administration table or from the Action Center.

b. Periodic scan that we can configure in the malware security profile.

c. End-user-initiated scan of a specific file or folder from the endpoint.

Periodic scan is the best option for you. You can create multiple malware security profiles specific to time zones and then schedule scans for weekends or off-duty hours. Below is the reference guide for creating a malware security profile.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-M...

 

If you want to know more about how to scan an endpoint, please refer to the link below.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Scan-an-End...

 

2. XDR is an EDR tool; it does not analyse web traffic as such, the way a firewall does, but it does protect browsers against common exploitation techniques. Moreover, you can ingest firewall logs and create correlation rules to gain insight into web traffic. To learn more about how to set up an exploit profile and see which processes are protected by XDR by default, please refer to the link below.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-E...

 

Let me know if you have more questions.

 

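The reply's option (a), an on-demand scan from the Action Center, can also be driven from the Cortex XDR public API, which is one practical way to approximate the "scan during that team's quiet window" requirement: run the script below from cron or Task Scheduler at each team's off-hours, once per endpoint group. This is an added example, not code from the thread or from Palo Alto Networks. It assumes (check against your tenant's API reference) the `POST https://api-<FQDN>/public_api/v1/endpoints/scan/` call, an "Advanced" API key authenticated with the nonce/timestamp/SHA-256 header scheme, and the filter fields `endpoint_id_list`, `group_name` and `endpoint_status` with the `in` operator. The FQDN, key ID, key value and group name are placeholders.

```python
"""Trigger an on-demand Cortex XDR malware scan for a chosen set of endpoints.

Added example, not code from the original thread or from Palo Alto Networks.
Assumptions to verify against your tenant's API reference:
  - endpoint URL: POST https://api-<FQDN>/public_api/v1/endpoints/scan/
  - an "Advanced" API key: Authorization = sha256(api_key + nonce + timestamp)
  - filter fields "endpoint_id_list", "group_name", "endpoint_status"; operator "in"
"""
import hashlib
import json
import secrets
import string
import time
import urllib.request


def build_auth_headers(api_key_id, api_key, nonce=None, timestamp_ms=None):
    """Headers for an Advanced API key. nonce and timestamp_ms are parameters
    only so the hash can be reproduced in a test; leave them None in real use."""
    if nonce is None:
        alphabet = string.ascii_letters + string.digits
        nonce = "".join(secrets.choice(alphabet) for _ in range(64))
    if timestamp_ms is None:
        timestamp_ms = int(time.time()) * 1000
    # The key itself never leaves the host; only the per-request hash is sent.
    digest = hashlib.sha256(f"{api_key}{nonce}{timestamp_ms}".encode("utf-8")).hexdigest()
    return {
        "x-xdr-timestamp": str(timestamp_ms),
        "x-xdr-nonce": nonce,
        "x-xdr-auth-id": str(api_key_id),
        "Authorization": digest,
        "Content-Type": "application/json",
    }


def build_scan_request(endpoint_ids=None, group_names=None, connected_only=True):
    """Request body for the scan call. Refuses to build a request with no
    endpoint/group selector, so a caller bug cannot fan a scan out to every
    endpoint in the tenant during working hours."""
    filters = []
    if endpoint_ids:
        filters.append({"field": "endpoint_id_list", "operator": "in", "value": list(endpoint_ids)})
    if group_names:
        filters.append({"field": "group_name", "operator": "in", "value": list(group_names)})
    if not filters:
        raise ValueError("refusing to build a scan request with no endpoint or group filter")
    if connected_only:
        # An offline machine would queue the scan and run it whenever it
        # reconnects, which may well be the middle of someone's working day.
        filters.append({"field": "endpoint_status", "operator": "in", "value": ["connected"]})
    return {"request_data": {"filters": filters}}


def scan_endpoints(fqdn, api_key_id, api_key, body, opener=urllib.request.urlopen):
    """POST the scan request and return the parsed JSON reply.
    `opener` is injectable so the call can be exercised without network access."""
    url = f"https://api-{fqdn}/public_api/v1/endpoints/scan/"
    req = urllib.request.Request(
        url,
        data=json.dumps(body).encode("utf-8"),
        headers=build_auth_headers(api_key_id, api_key),
        method="POST",
    )
    with opener(req, timeout=30) as resp:
        return json.loads(resp.read().decode("utf-8"))


if __name__ == "__main__":
    # Constructed sample: scan the (hypothetical) "Paris" endpoint group.
    # Schedule this invocation at that team's off-hours.
    body = build_scan_request(group_names=["Paris"])
    print(json.dumps(body, indent=2))
    # Real call (placeholders): uncomment once the key and FQDN are in place.
    # print(scan_endpoints("example.xdr.eu.paloaltonetworks.com", 12, "<api-key>", body))
```

Keep the API key out of the script itself (an environment variable or the scheduler's credential store) and give it a role limited to endpoint actions, since whoever can read the key can trigger scans, or other actions, across every endpoint the key's role reaches.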