Dealing with Execution Vulnerability in Cortex XDR

L1 Bithead

Hi Everyone,

How do you guys deal with Vulnerability reports in Cortex XDR?

After we got Cortex XDR integrated with our PA firewall, I can see some high alerts associated with different vulnerabilities.

The traffic is dropped, thanks to the PA firewall. But what is the best way to approach this?

I can block the host IPs that are performing the attack. But I would have to do it every time.

What is the best way to deal with it? I was thinking of checking patches on our workstations but other than that can't find a clue.

One Example:

Draytek Vigor Remote Command Execution Vulnerability

Category: Vulnerability

L4 Transporter

Hi there, 

The current version of Cortex XDR does not have vulnerability scanning.  You do have defensive measures against vulnerabilities/exploits via the built in Exploit Prevention Modules (EPMs).  On the technique-based exploit side, the EPMs focus on three areas:  memory corruption, logic flaws, and malicious code execution.  There are several other methods as well.  Please check your exploit profile for more info.

The blocks you are seeing in the firewall are derived from signatures.  You can view threat details at https://threatvault.paloaltonetworks.com/

It may also be worth exploring the newly released Threat Intel Management (TIM) via Cortex XSOAR.  You can expand your protections and leverage the threat intel data to proactively block malicious IOCs.

https://www.paloaltonetworks.com/company/press/2020/palo-alto-networks-introduces-cortex-xsoar--rede...

David Falcon 
MDR Systems Engineer, Cortex
Palo Alto Networks®