07-29-2023 01:25 AM
Hello there,
As the title suggests, we are looking for a test we can simulate the behavior (have kali / attacker / victim test environment).
Any suggestions?
Thanks
08-01-2023 03:56 AM
Hello @OnurOnoglu
Thanks for reaching out to us!
With "Respond to malicious casualty chain" feature enabled Cortex XDR agent identifies a remote network connection that attempts to perform malicious activity—such as encrypting endpoint files. The agent then can automatically block the IP address to close all existing communication and block new connections from this IP address to the endpoint. When Cortex XDR blocks an IP address per endpoint, that address remains blocked throughout all agent profiles and policies, including any host-firewall policy rules. You can view the list of all blocked IP addresses per endpoint from the Action Center, as well as unblock them to re-enable communication as appropriate.
Unfortunately we cannot share any such script or test to simulate such behaviour because this involves a remote host to simulate attack which go through your network and may create other problems for you.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
