Inquiry: URL IOC Capability in Cortex XDR

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Inquiry: URL IOC Capability in Cortex XDR

L0 Member

Dear Palo Alto Community,

 

I hope this message finds you well. As an active member of the community, I would like to reach out and seek your expertise regarding the capabilities of Cortex XDR, specifically in relation to the integration of URL Indicators of Compromise (IOCs).

 

Recently, our organization has been exploring ways to enhance our threat detection and response capabilities, and we are particularly interested in incorporating URL IOCs into our security framework. We believe that such integration can significantly bolster our defenses against malicious online activities.

 

To this end, we would greatly appreciate insights from the community regarding the following:

  • Does Cortex XDR currently support the inclusion of URL IOCs?
  • If so, what are the recommended steps and best practices for adding and managing URL IOCs within Cortex XDR?
  • Are there any limitations or considerations we should be aware of when working with URL IOCs in Cortex XDR?

Your valuable knowledge and experience will assist us in making informed decisions and optimizing the effectiveness of our security infrastructure. We are eager to leverage the collective wisdom of the Palo Alto Community and tap into your diverse perspectives.

 

Please feel free to share any relevant information, tips, or insights based on your experiences with Cortex XDR and URL IOC integration. We are open to suggestions, recommendations, or even success stories that highlight the value of this capability.

 

We extend our sincerest gratitude in advance for your contributions to this discussion. Together, let's continue to foster a strong and secure community.

 

Best regards,

1 accepted solution

Accepted Solutions

Hi AyedAbukhass,

 

Unfortunately, IOCs only support domains, not complete URIs for detection.  

View solution in original post

3 REPLIES 3

L4 Transporter

Hello @AyedAbukhass ,

 

Thanks for reaching out on LiveCommunity.

 

Please find below answers to your questions.

1. Yes, XDR allows you to create IOCs of different types like domain, destination ip, file path, file name, hash etc.

2. Please follow below guide to create IOCs.

https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Create-an-I...

3. Cortex XDR supports a maximum of 4,000,000 IOCs. Additional important information can also be found in above reference guide.

Hello @nsinghvirk 

 

Thank you for providing the answers and the reference guide on IOC creation in Cortex XDR. I appreciate your assistance.

 

To clarify, the desired URL IOC format would be: https://(IP or Domain)/URI, where the IP or Domain represents the specific IP address or domain associated with the URL, and the URI represents the specific path or resource within the URL.

 

If there are any additional resources or specific guidance available on how to add URL IOCs in Cortex XDR, I would greatly appreciate it. I believe that incorporating URL-based indicators will provide valuable insights and further fortify our security measures.

 

Thank you once again for your prompt response and for any further information you can provide on integrating URL IOCs within Cortex XDR.

 

Best Regards.

Hi AyedAbukhass,

 

Unfortunately, IOCs only support domains, not complete URIs for detection.  

  • 1 accepted solution
  • 1908 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!