Cortex XDR Pro Web Control Feature?

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.

Cortex XDR Pro Web Control Feature?

L0 Member

How does Cortex XDR Pro provide Web Control to prevent end-users from accessing malicious sites? Are the AI and ML components of Cortex XDR leveraged in this situation to determine if a website is malicious/phish/spam/etc. or is there not any feature built-in to provide Web Control like all the other threat protection solutions out there that provide this feature in their product?

 

Thanks!

1 REPLY 1

L4 Transporter

Hello @C.Eide ,

 

URL filtering is a Layer 7 mechanism and Cortex operates on Layer 3. For IPs we can suggest using Cortex XDR host firewalls.

 

For URLs, there is no mechanism as such to block the URL. There is one method to create BIOC rules for incoming, outgoing and failed network connections(do not add the raw packets), and then add the domains to the list. Once created, you can add the BIOC to restrictions profiles. 

 

Please note, we work on process instances termination and not network termination. Hence the above mentioned step is regressive as any network connection made using browsers for the URL will kill the browser itself and not just the network connection. As a result, all other browser tabs will also shutdown. As a result, this is can be done for 1 or 2 URLs but not a very recommended action. It is recommended to setup a firewall configuration for URL filtering.

 

Please find the EP capabilities:

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Endpoin...

 

If you feel this has answered your query, please let us know by clicking on "mark this as a Solution". Thank you.

Ashutosh Patil
  • 306 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!