This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Cortex XDR Custom Prevention Profiles

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Cortex XDR Custom Prevention Profiles

MarvinC
L2 Linker

‎06-22-2022 04:35 PM

Hi Palo Alto Team and Community!

 

I am recently working on Custom Prevention Rules on Restriction Profiles on Cortex XDR. 

 

I understand that I need to create user defined BIOC then attach it to a Restriction Profile for it to be a custom prevention rule where I can set it to Block as intended. 

The problem here is, there are some BIOC that I cannot attach to a Restriction Profile such as BIOC with a hash an external IP address. 

Are there limitations to user defined BIOC for it to be attached to a Restriction Profile?

 

I managed to create a user defined BIOC that I have successfully attached to a Restriction Profile (e.g. A file create and write user defined BIOC).

 

Would be interesting to know the limitations.

 

Let's have a seat and talk for a while.
0 Likes Likes
2 REPLIES 2

bbarmanroy
L5 Sessionator

‎06-22-2022 07:57 PM

Hey @MarvinC there are two use cases you seem to be aiming at. Let me address them individually:
1. blocking hashes - one option is to add them to the global Block list. In this case, hope this helps:

bbarmanroy_0-1655952822907.png

2. Blocking IP addresses: You can use Host Firewalls (recommended and easily managed). Alternately, use BIOC's .

bbarmanroy_1-1655953008554.png

 

0 Likes Likes

MarvinC
L2 Linker
In response to bbarmanroy

‎06-22-2022 08:01 PM

Hi bbarmanroy,

Appreciate your help.

In cases that hose firewall is not in use, we have tried BIOC yet it is not
applying to restriction profile when we are including IP addresses as a
criteria.
Let's have a seat and talk for a while.
0 Likes Likes
  • 2593 Views
  • 2 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks