04-10-2024 12:04 PM
How does Cortex XDR Pro provide Web Control to prevent end-users from accessing malicious sites? Are the AI and ML components of Cortex XDR leveraged in this situation to determine if a website is malicious/phish/spam/etc. or is there not any feature built-in to provide Web Control like all the other threat protection solutions out there that provide this feature in their product?
Thanks!
04-10-2024 10:39 PM
Hello @C.Eide ,
URL filtering is a Layer 7 mechanism and Cortex operates on Layer 3. For IPs we can suggest using Cortex XDR host firewalls.
For URLs, there is no mechanism as such to block the URL. There is one method to create BIOC rules for incoming, outgoing and failed network connections(do not add the raw packets), and then add the domains to the list. Once created, you can add the BIOC to restrictions profiles.
Please note, we work on process instances termination and not network termination. Hence the above mentioned step is regressive as any network connection made using browsers for the URL will kill the browser itself and not just the network connection. As a result, all other browser tabs will also shutdown. As a result, this is can be done for 1 or 2 URLs but not a very recommended action. It is recommended to setup a firewall configuration for URL filtering.
Please find the EP capabilities:
If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
