08-24-2022 01:47 PM - edited 09-03-2022 02:44 AM
Hello dear community!
Does anyone have some XQL for hunting Sliver C2?
Is Cortex XDR (pro) preventing us?
BR
Rob
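Since the thread does not supply the query Rob asks for, here is an added example that is not from the original post and not Palo Alto Networks' or Sliver's own code: a Python beaconing-periodicity hunt of the kind an analyst would run over network-connection events exported from an XDR (for instance as CSV from an XQL query over network events; the column layout used here is an assumption, as are the sample events, which are constructed). Sliver's beacon-mode implants check in at a configured interval with jitter, so low variance in the inter-connection timing per process and destination is the generic signal this looks for. It is a heuristic for triage, not a Sliver-specific signature.

```python
"""Beacon-periodicity hunt over connection events (added example, constructed data)."""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample events (not real Cortex XDR output). One event per line:
# ISO timestamp, initiating process path, remote IP, remote port.
# update.exe checks in roughly every 60 s with a little jitter (beacon-like);
# chrome.exe is bursty and irregular; outlook.exe is periodic but too few events.
SAMPLE_EVENTS = """\
2022-09-01T10:00:00,C:\\Users\\rob\\AppData\\Local\\Temp\\update.exe,203.0.113.10,443
2022-09-01T10:00:10,C:\\Program Files\\Google\\Chrome\\chrome.exe,198.51.100.20,443
2022-09-01T10:00:12,C:\\Program Files\\Google\\Chrome\\chrome.exe,198.51.100.20,443
2022-09-01T10:00:30,C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE,192.0.2.5,443
2022-09-01T10:01:02,C:\\Users\\rob\\AppData\\Local\\Temp\\update.exe,203.0.113.10,443
2022-09-01T10:01:30,C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE,192.0.2.5,443
2022-09-01T10:01:58,C:\\Users\\rob\\AppData\\Local\\Temp\\update.exe,203.0.113.10,443
2022-09-01T10:02:30,C:\\Program Files\\Microsoft Office\\OUTLOOK.EXE,192.0.2.5,443
2022-09-01T10:02:40,C:\\Program Files\\Google\\Chrome\\chrome.exe,198.51.100.20,443
2022-09-01T10:03:05,C:\\Users\\rob\\AppData\\Local\\Temp\\update.exe,203.0.113.10,443
2022-09-01T10:03:05,C:\\Program Files\\Google\\Chrome\\chrome.exe,198.51.100.20,443
2022-09-01T10:04:00,C:\\Users\\rob\\AppData\\Local\\Temp\\update.exe,203.0.113.10,443
2022-09-01T10:05:03,C:\\Users\\rob\\AppData\\Local\\Temp\\update.exe,203.0.113.10,443
2022-09-01T10:05:57,C:\\Users\\rob\\AppData\\Local\\Temp\\update.exe,203.0.113.10,443
2022-09-01T10:07:01,C:\\Users\\rob\\AppData\\Local\\Temp\\update.exe,203.0.113.10,443
2022-09-01T10:09:30,C:\\Program Files\\Google\\Chrome\\chrome.exe,198.51.100.20,443
2022-09-01T10:09:31,C:\\Program Files\\Google\\Chrome\\chrome.exe,198.51.100.20,443
2022-09-01T10:15:00,C:\\Program Files\\Google\\Chrome\\chrome.exe,198.51.100.20,443
"""


def parse_events(text):
    """Parse CSV-style event lines into (timestamp, process, remote_ip, remote_port)."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, proc, ip, port = line.split(",")
        events.append((datetime.fromisoformat(ts), proc, ip, int(port)))
    return events


def find_beacons(events, min_events=6, max_cv=0.5):
    """Group connections by (process, remote_ip, remote_port) and flag groups whose
    inter-connection intervals are regular: coefficient of variation (stdev / mean)
    at or below max_cv. min_events avoids flagging short, coincidentally regular runs.
    Returns {key: {"count", "mean_interval_s", "cv"}} for the flagged groups."""
    groups = defaultdict(list)
    for ts, proc, ip, port in events:
        groups[(proc, ip, port)].append(ts)

    hits = {}
    for key, stamps in groups.items():
        if len(stamps) < min_events:
            continue
        stamps.sort()
        deltas = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(deltas)
        if avg <= 0:  # all events at the same instant; no interval to measure
            continue
        cv = pstdev(deltas) / avg
        if cv <= max_cv:
            hits[key] = {
                "count": len(stamps),
                "mean_interval_s": round(avg, 1),
                "cv": round(cv, 3),
            }
    return hits


if __name__ == "__main__":
    for key, stats in find_beacons(parse_events(SAMPLE_EVENTS)).items():
        proc, ip, port = key
        print(f"{proc} -> {ip}:{port}  {stats}")
```

Tune `min_events` and `max_cv` to the dwell time and jitter you expect; a large jitter setting on the implant pushes the coefficient of variation up, so treat a miss here as absence of evidence only, and pair the timing signal with process-origin context (unsigned binary in a user-writable path, unusual parent) before escalating.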
09-02-2022 09:03 AM
Hi Rob,
Thank you for submitting a coverage request for the Sliver C2.
As for your first question regarding an XQL query, one has not yet been developed by our engineering team at this time.
As for the second question, we are unable to confirm coverage for this type of attack with Cortex XDR. If you would like to receive direct notifications when advances in this coverage may have been deployed, we highly recommend contacting our TAC team at https://support.paloaltonetworks.com/. They may also be able to provide an XQL query if there is a detection available.
Additionally, I was able to contact internal resources regarding this attack as well and can provide coverage/XQL query updates in the LiveCommunity when it is available, however, there is no guarantee that one will be delivered at this time.
09-07-2022 06:58 AM
Hi Rob,
I was able to confirm that our agent research team is currently adding coverage for the Sliver C2 framework. This will utilize static protection with the anti-malware flow along with behavioral protection in BTP. If there are additional advances internally, I will be able to continue providing updates in LiveCommunity.
09-07-2022 01:32 PM
Hey Mfakhouri,
thanks a lot!
BR
Rob