XDR Acting as Application Control for Linux


L0 Member

Hi Community, 

 

I've managed to transform Palo Alto Networks' Cortex XDR into an effective application control solution for Linux based on the hashes of the files. 

Has anyone else tried this method previously?

3 REPLIES

L2 Linker

Hi @rafael 

Thank you for reaching out to the Live community!

Basically, Cortex XDR has features like Hash control, Restriction policies (Phase 2 & 3), BIOCs, etc. that can be used to manage files and applications effectively.

But generally speaking, transforming an XDR solution into solely an application control solution may not be a good idea, since App control is a legacy control solution that leaves companies open to supply chain attacks, LOLBins, and much more...

Please click Accept as Solution to acknowledge If this answer added value to your question.



It is true that BIOC rules allow you to detect behaviour, but this functionality of application control with Cortex restricts Linux servers from using files that aren't whitelisted by you. I don't agree, since it could be of great use for restricted servers with important information.

L2 Linker

Custom BIOC rules can be added to the restriction profile to restrict file execution and to have more granular control than just detection. This could be used as application control on restricted servers or on servers that have tight hardening and are not easily exposed to outside infra, but the point I was making is to effectively use the XDR solution for the purpose it is built for rather than just using it as a legacy App control solution.
