Enhanced Security Measures in Place:   To ensure a safer experience, we’ve implemented additional, temporary security measures for all users.

Dealing with Execution Vulnerability in Cortex XDR

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

Dealing with Execution Vulnerability in Cortex XDR

L1 Bithead

Hi Everyone,

 

How do you guys deal with Vulnerability reports in Cortex XDR?

After we got Cortex XDR integrated with out PA firewall, I can see some high alerts associated with different vulnerabilities.

The traffic is dropped, thanks to PA firewall. But, what is the best way to approach this.

I can block the host IP's who are performing the attack. But, I would have to do it every time.

What is the best way to deal with it? I was thinking of checking patches on our workstations but other than that can't find a clue.

 

One Example:

Draytek Vigor Remote Command Execution Vulnerability

Category: Vulnerability

1 REPLY 1

L4 Transporter

Hi there, 

 

The current version of Cortex XDR does not have vulnerability scanning.  You do have defensive measures against vulnerabilities/exploits via the built in Exploit Prevention Modules (EPMs).  On the technique-based exploit side, the EPMs focus on three areas:  memory corruption, logic flaws, and malicious code execution.  There are several other methods as well.  Please check your exploit profile for more info.

 

The blocks you are seeing in the firewall are derived from signatures.  You can view threat details at https://threatvault.paloaltonetworks.com/

 

It may also be worth exploring the newly released Threat Intel Management (TIM) via Cortex XSOAR.  You can expand your protections and leverage the threat intel data to proactively block malicious IOCs.

https://www.paloaltonetworks.com/company/press/2020/palo-alto-networks-introduces-cortex-xsoar--rede...

 


David Falcon 
Senior Solutions Architect, Cortex
Palo Alto Networks® 
  • 4141 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!