How do you guys deal with Vulnerability reports in Cortex XDR?
After we got Cortex XDR integrated with our PA firewall, I can see some high alerts associated with different vulnerabilities.
The traffic is dropped, thanks to the PA firewall. But what is the best way to approach this?
I can block the host IPs that are performing the attack. But I would have to do it every time.
What is the best way to deal with it? I was thinking of checking patches on our workstations but other than that can't find a clue.
Draytek Vigor Remote Command Execution Vulnerability
The current version of Cortex XDR does not have vulnerability scanning. You do have defensive measures against vulnerabilities/exploits via the built in Exploit Prevention Modules (EPMs). On the technique-based exploit side, the EPMs focus on three areas: memory corruption, logic flaws, and malicious code execution. There are several other methods as well. Please check your exploit profile for more info.
The blocks you are seeing in the firewall are derived from signatures. You can view threat details at https://threatvault.paloaltonetworks.com/.
It may also be worth exploring the newly released Threat Intel Management (TIM) via Cortex XSOAR. You can expand your protections and leverage the threat intel data to proactively block malicious IOCs.
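One way to stop chasing individual source IPs is to triage the firewall's threat-prevention hits by the internal host they target and by whether the firewall actually dropped them. The script below is an added example, not code from this thread or from Palo Alto Networks; the comma-separated log layout and the field names (`time`, `threat`, `src`, `dst`, `action`) are a constructed simplification, not the real PAN-OS threat log export.

```python
# Added example (not from the thread or Palo Alto): triage firewall
# threat-prevention alerts by targeted host and signature. The log layout is a
# constructed, simplified stand-in for PAN-OS threat log fields.
import csv
from collections import defaultdict
from io import StringIO

# Constructed sample: time, threat name, source IP, destination IP, action
SAMPLE_LOG = """\
2024-01-01T10:00:00,Draytek Vigor Remote Command Execution Vulnerability,203.0.113.5,10.0.0.12,drop
2024-01-01T10:00:07,Draytek Vigor Remote Command Execution Vulnerability,203.0.113.5,10.0.0.12,drop
2024-01-01T10:01:00,Draytek Vigor Remote Command Execution Vulnerability,198.51.100.9,10.0.0.12,drop
2024-01-01T10:02:00,Draytek Vigor Remote Command Execution Vulnerability,203.0.113.5,10.0.0.40,alert
2024-01-01T10:03:00,Some Other Signature,192.0.2.77,10.0.0.12,drop
"""

def parse_threat_log(text):
    fields = ["time", "threat", "src", "dst", "action"]
    return [dict(zip(fields, row)) for row in csv.reader(StringIO(text)) if row]

def triage(events):
    """Group hits by (targeted host, signature): hit count, distinct sources,
    and how many attempts were NOT dropped (those need investigation)."""
    summary = defaultdict(lambda: {"hits": 0, "sources": set(), "not_dropped": 0})
    for ev in events:
        entry = summary[(ev["dst"], ev["threat"])]
        entry["hits"] += 1
        entry["sources"].add(ev["src"])
        if ev["action"] != "drop":
            entry["not_dropped"] += 1
    return dict(summary)

def prioritize(summary):
    """Non-dropped attempts first, then most distinct attackers, then hit count.
    Patching or verifying the targeted host removes the exposure; blocking each
    new source IP does not."""
    return sorted(summary.items(),
                  key=lambda kv: (-kv[1]["not_dropped"], -len(kv[1]["sources"]), -kv[1]["hits"]))

if __name__ == "__main__":
    for (dst, threat), info in prioritize(triage(parse_threat_log(SAMPLE_LOG))):
        flag = "INVESTIGATE" if info["not_dropped"] else "patch/verify"
        print(f"{flag:12} {dst} {threat[:40]} hits={info['hits']} sources={len(info['sources'])}")
```

Dropped hits against a host tell you which asset to check for the relevant patch or whether the vulnerable service needs to be reachable at all; any hit that was only alerted on goes to the top of the list.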