11-23-2022 11:30 PM
Hello,
Is it possible to know the following:
1. Whether BIOC rules generate alerts/incidents in case there is a match for Custom prevention rules.
2. Any method for bulk hash blocking using Action Center.
3. If we are hosting the XDR firewall simultaneously, can we host another firewall from other tools?
11-23-2022 11:52 PM - edited 11-23-2022 11:53 PM
Hi @Shashanksinha the answers are
1. Yes
2. Yes you can enter multiple entries in one go using Action Center
Alternately, you can also use APIs as that eliminates the need to copy-paste one at a time. You can then leverage the ability to ingest multiple entries, one at a time, each with their own comments.
3. You can take a look at the list here and see if this meets your requirements (https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/external-data-ingestion/abo...).
11-23-2022 11:57 PM
Hello,
Thanks for the response.
I wanted to ask: instead of adding one by one, is there any method to upload it through some sheet without copy-pasting one by one?
Like we can add IOCs in the XDR console in bulk by uploading a notepad file or CSV file.
11-24-2022 02:04 AM
Hi @Shashanksinha that's not possible now. The workaround is to use the API via a programming language or scripting language of your choice or use the Cortex XDR Postman API collection to perform the same.
Take a look at the detailed walkthrough of how to configure Postman to do the action you're asking for.
Ref: https://live.paloaltonetworks.com/t5/blogs/cortex-xdr-postman-api-collection/ba-p/443845
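The workaround suggested in the reply above (script the API instead of copy-pasting), as an added example that is not part of the original thread and not Palo Alto Networks code: it validates a CSV of SHA256 hashes and turns it into batched blocklist request bodies. The endpoint path, body fields, standard-key headers, the `hash,comment` CSV layout and the batch size of 100 are assumptions to check against the Cortex XDR API reference for your tenant.

```python
import csv, io, json, re, urllib.request
from collections import OrderedDict

SHA256_RE = re.compile(r"[0-9a-f]{64}")
# Assumed endpoint path; confirm against your tenant's API reference.
BLOCKLIST_PATH = "/public_api/v1/hash_exceptions/blocklist/"

def load_hashes(csv_text):
    """Parse 'hash,comment' rows; return ({hash: comment}, rejected values)."""
    valid, rejected = OrderedDict(), []
    for row in csv.reader(io.StringIO(csv_text)):
        if not row or row[0].strip().lower() == "hash":
            continue  # skip blank lines and the header row
        h = row[0].strip().lower()
        comment = row[1].strip() if len(row) > 1 else ""
        if SHA256_RE.fullmatch(h):
            valid.setdefault(h, comment)  # first occurrence wins on duplicates
        else:
            rejected.append(row[0])  # wrong length or non-hex: never sent
    return valid, rejected

def build_requests(valid, batch_size=100):  # batch size is an arbitrary choice
    """Group hashes by comment, then split each group into request bodies."""
    by_comment = OrderedDict()
    for h, c in valid.items():
        by_comment.setdefault(c, []).append(h)
    return [{"request_data": {"hash_list": hs[i:i + batch_size], "comment": c}}
            for c, hs in by_comment.items()
            for i in range(0, len(hs), batch_size)]

def send(fqdn, key_id, api_key, body):
    """POST one body with a standard API key (header names are assumptions)."""
    req = urllib.request.Request(
        "https://api-" + fqdn + BLOCKLIST_PATH, data=json.dumps(body).encode(),
        headers={"x-xdr-auth-id": str(key_id), "Authorization": api_key,
                 "Content-Type": "application/json"}, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

# Constructed sample: two valid hashes, one duplicate, one MD5-length value.
SAMPLE_CSV = """hash,comment
{a},ticket-1001
{b},ticket-1002
{a},ticket-1001
d41d8cd98f00b204e9800998ecf8427e,ticket-1003
""".format(a="a" * 64, b="b" * 64)

if __name__ == "__main__":
    valid, rejected = load_hashes(SAMPLE_CSV)
    print(json.dumps(build_requests(valid), indent=2), "rejected:", rejected)
```

Review the rejected list before calling `send`, since a blocklist entry applies to every endpoint in the tenant.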