Cortex XSOAR Articles
XSOAR has several areas in the console that provide insight into the performance of the configuration and content. Review these and the associated dashboards to identify areas where performance should be investigated. Are there excessive integration commands, or is a heavily used playbook or automation consuming significant resources?
July 2024 UPCOMING EVENTS Customer Success Webinar: On-Prem v6 Migration to v8 SaaS Join us on July 24th to learn everything you need about the on-prem migration to the XSOAR 8 SaaS. >> Register here CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Elevate your Threat Hunting skills with the first session of the webinar series: Proactive Threat Hunting Part 2 Watch More New How-to Videos Review the final video in the Getting Started with XSOAR 8 series: Engines Watch this video and learn how to handle and analyze cybersecurity evidence efficiently: Evidence and Evidence Fields Get your alerts in order by watching this video: Alert Tuning Are you familiar with Webhook? Check out this video to learn more about: Generic Webhook View More Latest Security Blogs & Articles Stay in the know: Threat Brief CVE-2024-6387 OpenSSH RegreSSHion Vulnerability. You can review and download the content pack under the product updates below. Read the latest updates about Cortex: New Wave of Innovations Read More XSOAR PRODUCT UPDATES On July 1, 2024, a critical signal handler race condition vulnerability was disclosed in OpenSSH servers (sshd) on glibc-based Linux systems, tracked as CVE-2024-6387. Cortex XSOAR has released a response pack and playbook for CVE-2024-6387 to help automate and expedite the mitigation process.
To learn more and download the pack >> Click here On-prem XSOAR 8.6 version will be released on July 14 and includes the following features: XSOAR cluster high availability - for XSOAR cluster with three nodes or more Multi-Role API keys - to improve operational efficiency and dynamic RBAC management of API keys Enhanced role-based access control for dashboards - restrict access to specific dashboards for designated users through role assignment  Add integration logs for non-Python scripts and integrations You may review the full release notes, available after July 14th, here. It is recommended that you update to the latest version available. Start Planning Your XSOAR On-Premises to SaaS Migration! Calling all XSOAR 6 On-Prem customers! The migration to XSOAR 8 SaaS is planned for the third quarter of 2024. We want to remind you to connect with your Customer Success or Account Team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources:  Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide  Cortex XSOAR Content Release June 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site     XSOAR Product Release Notes  Read the Cortex XSOAR Feature Release Notes >> Documentation Help Center Read the Cortex XSOAR Version Release Announcements >> LIVEcommunity  
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   GoogleThreatIntelligence Analyze suspicious hashes, URLs, domains, and IP addresses.   GitHub Feed A feed to ingest indicators of compromise from Github repositories. The feed supports general extraction of IOCs, extracting from STIX data format and parsing of YARA Rules out of the box.    SaaS Security by Palo Alto Networks SaaS Security connects directly to your sanctioned SaaS applications to provide data classification, sharing and permission visibility, and threat detection.   CSCDomainManager CSCDomainManager is the world's first multilingual domain management tool, available in English, French, and German. It uses rules-based technology, customizable reporting, granular user management, and more to enable you to manage your domain.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR     
June 2024 UPCOMING EVENTS Customer Success Webinar Series: Proactive Threat Hunting Part 2 The event concluded on June 12, 2024. Visit our events page later this month to learn about our next event. CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Elevate your Threat Hunting skills with the first session of the webinar series: Proactive Threat Hunting Part 1 Watch More New How-to Videos Learn how to export indicators: How to Export Indicators to 3rd Party Systems Catch the new video in the XSOAR 8 Analyst Training: Playbook Tasks & To-Do Tasks Learn how to generate Reports and use Timers in XSOAR 8: Reports & Timers View More Latest Security Blogs & Articles Read the latest blog and learn how to: Migrating Historical Data into XSOAR from 3rd party products Read More XSOAR PRODUCT UPDATES With the release of the XSOAR 6 On-Prem to XSOAR 8 SaaS and with our successfully migrated hosted customers, we would like to remind you to connect with your Customer Success or Account team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources: Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide Playbook of the Week Blogs Explore our latest playbooks, featured in our Playbook of the Week blog series, designed to enhance your automation skills. Automating Response to Living-Off-the-Land (LOTL) Attacks Read All Cortex XSOAR Content Release May 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors.
>> Marketplace site      XSOAR Product Release Notes  Read the Cortex XSOAR Feature Release Notes >> Documentation Help Center Read the Cortex XSOAR Version Release Announcements >> LIVEcommunity    
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: Suspicious Domain Hunting This pack provides all the necessary tools for the Suspicious Domain Hunting use case. It uses the CertStream integration to ingest new SSL certificates and alert for typosquatting. NVD Feed 2.0 CVE feed from the National Vulnerability Database. Gem Integrate with Gem to use alerts as a trigger for Cortex XSOAR’s custom playbooks, and automate response to specific TTPs and scenarios. Check Point Infinity NDR Collect network security events from Check Point Infinity NDR for your secured SaaS periodically. Ollama Get up and running with large language models locally. Zoom Mail Use the Zoom Mail integration to manage your ZMail. Exabeam Security Operations Platform Exabeam Security Operations Platform. ExabeamDataLake Exabeam Data Lake provides a highly scalable, cost-effective, and searchable log management system. Data Lake is used for log collection, storage, processing, and presentation. Stellar Cyber Integration to retrieve and update cases from the Stellar Cyber platform. Claroty xDome Use xDome to manage assets and alerts. To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
May 2024 UPCOMING EVENTS Customer Success Webinar Series: Proactive Threat Hunting Join us on May 22nd for the first session of the next webinar series, Proactive Threat Hunting! Register for the series below: Part 1 | Part 2 Symphony 2024: AI and Automation In case you missed it, catch the recording of Symphony 2024 below >> Watch now CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Learn about the benefits of SLAs, how to use them, and the available content pack: SLAs & Timers Fields Watch More New How-to Videos Getting Started with XSOAR 8: Content Management Learn about Job creation: Setting up Jobs Ready to make progress? Learn how to: Creating Incident Summary Reports Check out the new analyst training video: Notes & Evidence Board View More Latest Security Blogs & Articles Read the latest blog to learn: What's New in Cortex Read More XSOAR PRODUCT UPDATES Did You Start Planning Your XSOAR 8 SaaS Migration? With the End-of-Life product line of XSOAR 6 hosted planned for the end of June 2024, and with over 300 customers who have successfully migrated, we would like to remind you to connect with your Customer Success or Account team to kickstart the migration process. To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources: Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide Playbook of the Week Blogs Explore our latest playbooks, featured in our Playbook of the Week blog series, designed to enhance your automation skills. Streamlining Suspicious Data Upload Alert Investigations Prisma Cloud Compute - Compliance Alert v2 Read All Cortex XSOAR Content Release April 2024 Learn about newly released content packs and their capabilities.
>> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site   XSOAR Product Release Notes  Read the Cortex XSOAR Feature Release Notes >> Documentation Help Center Read the Cortex XSOAR Version Release Announcements >> LIVEcommunity  
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: AWS - EKS The AWS EKS integration allows for the management and operation of Amazon Elastic Kubernetes Service (EKS) clusters.   Palo Alto Networks AIOps Best Practice Assessment (BPA) analyzes NGFW and Panorama configurations.   SafeBreach - Breach and Attack Simulation platform Breach and Attack Simulation platform.   CertStream Gets a stream of newly created certificates from Certificate Transparency (https://certificate.transparency.dev/).   Google Chat via Webhook Test Contribution branch 'master'. Invoked from the script.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
April 2024 UPCOMING EVENTS Customer Success Webinar: SLAs & Timers Join us on April 17th to learn about the benefits of SLAs & Timers fields and how to use them. Proficiency level recommended: Beginners - Intermediate >> Register Here Symphony 2024: AI and Automation Come see where security operations are headed next! Join us on April 17-18 for a virtual event. Register below >> Register here CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinar Review the Indicator Management Lifecycle part 3 here: Indicator Management Maintenance & Optimization Watch More New How-to Videos Our third analyst training video is waiting for you here: War Room Review the latest episodes of the XSOAR 8 Engineering Training series: Fields Display Scripts SLA Breach Scripts View More Latest Security Blogs & Articles Read the recent blog to learn how to leverage the integration between: Cortex XSOAR and TAXII Learn how to take advantage of automation opportunities: Unveiling the Power of Automation for MSSP Read More XSOAR PRODUCT UPDATES XSOAR 8 SaaS Migration Reminder In 2023, we announced that XSOAR 8 SaaS, our latest version, is available for migration for XSOAR 6-hosted customers. We already have over 300 customers working with the SaaS offering. As the XSOAR 6 hosted product line is planned to be End of Life by the end of June 2024, connect with your assigned Customer Success or Account team to kickstart the migration process.
To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources:  Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide     Playbook of the Week Blogs Explore our latest playbooks, featured in our Playbook of the Week blog series, designed to enhance your automation skills.  Automating Management of XDR Identity Analytics Alerts   Read All   Cortex XSOAR Content Release March 2024 Learn about newly released content packs and their capabilities. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site   XSOAR Product Release Notes  Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   Spur Context API Enrich IP addresses with data from the Spur Context API   Redmine A project management and issue-tracking system   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
March 2024   UPCOMING EVENTS Customer Success Webinar Series: Indicator Management  Join us on March 20th for the last webinar series session, where we share best practices for maintenance and optimization! Proficiency level recommended: Advanced XSOAR Engineer Part 3   CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about.  >> Fill out the form      Recent CS Webinar Review the Indicator Management Tuning Creation Fidelity part 2 here    Watch More   New How-to Videos  Check out the latest features introduced in XSOAR 8.5: What's New in 8.5   Getting Started with XSOAR 8? You should review this video: Server Configurations and Security Settings. You may review all Getting Started with XSOAR 8 videos here Catch the latest parts of XSOAR 8 Engineering training:  Writing our First Automation Field Change Scripts   Review XSOAR 8 API video: Using the API  Check out the second video in the XSOAR 8 Analyst series: Working an Incident  View More   Latest Security Blogs & Articles Read the recent blog to discover best practices for spam detection using XSOAR: The Low-Hanging Fruits of Phishing and Spam Detection Read More   XSOAR PRODUCT UPDATES XSOAR 8 SaaS Migration Reminder In 2023, we announced that XSOAR 8 SaaS, our latest version, is available for migration for XSOAR 6-hosted customers. We already have over 200 customers working with the SaaS offering. As the XSOAR 6 hosted product line is planned to be End of Life by June 2024, connect with your assigned Customer Success or Account team to kickstart the migration process. 
To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources:  Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide   Playbook of the Week Blogs Explore our latest playbooks designed to enhance your automation skills, featured in our Playbook of the Week blog series.  Using YARA to Automate Malware Identification    Read All   Cortex XSOAR Content Release Feb 2024 Learn about newly released content packs and their capabilities. >> Read more   Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site       XSOAR Product Release Notes  Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity  
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title:   AWS - Security Lake Amazon Security Lake is a fully managed security data lake service.   CTM360 CyberBlindspot Take action on incidents derived from threat intelligence that is directly linked to your organization.   IRIS DFIR IRIS is a collaborative platform aiming to help incident responders to share technical details during investigations.   Ivanti Critical Vulnerabilities This pack handles CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893 - Ivanti critical vulnerabilities.   MetaDefender Sandbox Unique adaptive threat analysis technology.   Generic Webhook (Form Data) A version of the Generic Webhook integration that accepts a form data body. Note: raw_json field is required.   AWS-SNS-Listener A long running AWS SNS Listener service that can subscribe to an SNS topic and create incidents from the messages received.   SpyCloud Enterprise Protection Create breach and malware incidents in Cortex® XSOAR™ using the SpyCloud Enterprise Protection API. Provide enrichment for domains, IPs, emails, usernames, and passwords.   GreyNoise Indicator Feed This content pack fetches IPv4 Internet Scanner indicators from GreyNoise.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!   Cortex XSOAR     
  February 2024 UPCOMING EVENTS Customer Success Webinar Series: Indicator Management  Join us on Feb 21st for part 2 of the webinar series, where we cover the process of tuning creation fidelity for Indicators. Click below to register for the webinar series: You may catch the recording for part 1 in the On-Demand section below    Part 2   |  Part 3   CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about.  >> Fill out the form    Operation Automation: 2024 Virtual User Group  When: Feb 20th, 9am - 12pm PT Meet your peers, share ideas, and learn from each other as you embark on your SecOps automation journey in 2024. This three-hour interactive virtual event promises valuable insights, customer peer discussions, and a tour of the latest features and playbooks designed to improve your user experience and get the most out of Cortex XSOAR®.  >> Register Here Recent CS Webinar Review the Indicator Management Lifecycle part 1 here: Indicator Management Lifecycle  Did you register for Part 2? Click here to secure your spot Watch More   New How-to Videos  Catch the latest parts of XSOAR 8 Engineering training:  Quiet Mode  Data Collections  Check out our latest XSOAR training video: Case  Management  Review XSOAR 8 EDL video: External Dynamic Lists (EDL) Check out the first part of XSOAR 8 Analyst series: Searching in XSOAR  View More   XSOAR PRODUCT UPDATES XSOAR 8 SaaS Migration Reminder In 2023, we announced that XSOAR 8 SaaS, our latest version, is available for migration for XSOAR 6-hosted customers. We already have over 100 customers working with the SaaS offering. As the XSOAR 6 hosted product line is planned to be End of Life by March 2024, connect with your assigned Customer Success or Account team to kickstart the migration process. 
To familiarize yourself with the new features and improvements in Cortex XSOAR 8, we recommend reviewing the following resources:  Cortex XSOAR 8 Release Announcement Cortex XSOAR 8 Feature Changes Cortex XSOAR 8 FAQs Cortex XSOAR 6 to Cortex XSOAR 8 Migration Guide  Playbook of the Week Blogs Explore our latest playbooks designed to enhance your automation skills, featured in our Playbook of the Week blog series.  Common Playbooks Pack  Prisma Cloud Audit Alert v3    Read All   Cortex XSOAR Content Release Jan 2024 Learn about newly released content packs and their capabilities. >> Read more   Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site      XSOAR Product Release Notes  Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity    
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: Fortimail FortiMail is a comprehensive email security solution by Fortinet, offering advanced threat protection, data loss prevention, encryption, and email authentication. Brandefense Brandefense looks for data on each brand, collects information, and alerts the related brand about dark web findings. Varonis SaaS Streamline alerts, events, and related forensic information from Varonis SaaS. To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
January 2024 UPCOMING EVENTS Customer Success Webinar Series: Indicator Management Join us for a 3-part webinar series where we will dive deep into the indicator lifecycle, from creation through optimization! Click below to register in advance for this webinar series: Part 1 | Part 2 | Part 3 CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form New How-to Videos Check out our latest XSOAR 8 onboarding video: XSOAR Marketplace Learn about the Indicator Exclusion List feature in XSOAR 8: Indicator Exclusion List Check out the latest episode of the Engineering Training: Looping with Automations & Sub-Playbooks View More Latest Security Blogs & Articles Enhance your security operations with the QR code reading ability in XSOAR. Read this blog for more information: QR & XSOAR: How to Make it Work? Read More XSOAR PRODUCT UPDATES A New Data Retention License is Now Available Extending data retention to an additional 31 days. Read more about the new policy here. To learn more about this license add-on, you may contact your Customer Success or Account team. Playbook of the Week Blogs Explore our latest playbooks designed to enhance your automation skills, featured in our Playbook of the Week blog series. Capture the Flag Threat Intell Management Read All Cortex XSOAR Content Release Dec 2023 Learn about newly released content packs: AWS organizations, community dashboards, and more. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: AWS Organizations AWS Organizations offers policy-based management for multiple AWS accounts.   Community Common Dashboards A pack that contains community dashboards.   Tessian XSOAR integration for interacting with Tessian's events.   ORKL Threat Intel Feed Ingest indicators from the ORKL feed.   IP2LocationIO API integration to query IP geolocation.   HashiCorp Terraform Hashicorp Terraform provides infrastructure automation to provision and manage resources in any cloud or data center with Terraform.   Email Hippo Use this tool to verify email sources as fake emails that were used as part of phishing attacks.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR     
December 2023 UPCOMING EVENTS Customer Success Webinars are Taking a Short Break! We will be taking a short break to recharge and prepare for a new educational lineup of events, returning in January 2024 so be on the lookout.    CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about.  >> Fill out the form  Recent CS Webinar Watch the latest webinar about practical playbooks: Prisma Cloud VM Alerts & Enterprise DLP    Watch More   New How-to Videos  Check out our latest XSOAR 8 onboarding video: Configuring Integrations  Learn about the Generic Polling integration and how to implement it properly: Generic Polling in XSOAR 8    View More     XSOAR PRODUCT UPDATES Introducing New Playbooks A treasure hunt exercise featuring a thrilling Capture the Flag style game designed to enhance your XSOAR experience. The first playbook provides a helpful walkthrough of the platform, while the second playbook focuses on investigations. Download the packs below or through your product console: Capture the Flag 01  |  Capture the Flag 02     XSOAR 8 Pre-Migration Questionnaire  Calling hosted Cortex XSOAR 6.X customers! If you haven't filled out the Pre-Migration questionnaire yet, we would like to remind you to do so as soon as possible to help us better plan your migration process. Submit Now   Playbook of the Week Blogs Explore our latest playbooks designed to enhance your automation skills, featured in our Playbook of the Week blog series.  Want to be notified of new posts? Make sure to subscribe to Security Operations Blogs Streamlining the management of XDR Incidents   Read All   Cortex XSOAR Content Release - Nov 2023 Learn about newly released content packs: CTF packs, Github Maltrail Feed, and more. >> Read more   Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. 
>> Marketplace site     XSOAR Product Release Notes  Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity      
New Content Packs Release Capture The Flag - 01 This game pack enables you to get familiar with XSOAR 8.    Capture The Flag - 02 This playbook pack focuses on investigations and enables you to get familiar with XSOAR 8.    Netcraft Netcraft takedown, submission, and screenshot management.   Ataya Integrate with Ataya Harmony to manage the 5G UE session   Github Maltrail Feed Maltrail is a malicious traffic detection system that utilizes publicly available (black)lists containing malicious and/or generally suspicious trails, along with static trails.   Proactive Threat Hunting The XSOAR Threat Hunting Pack enhances analyst capabilities by leveraging threat intelligence to uncover previously undetected threats and empowering proactive identification.   GreyNoise Premium GreyNoise is a threat intelligence service that collects and analyzes Internet-wide scan and attack traffic.   Vectra XDR Vectra XDR pack empowers the SOC to create incidents using Vectra AI's Attack Signal Intelligence.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!   Cortex XSOAR   
 November 2023 UPCOMING EVENTS Customer Success Webinar:  Streamline Your Security Operations with XSOAR Playbooks  Join us on Nov 15th for a deep-dive session on the Enterprise DLP and Prisma Cloud VM Alert Playbooks.  >> Register here   CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about.  >> Fill out the form      Recent CS Webinar Watch the latest webinar about this common Microsoft integration: O365 Integration with Cortex XSOAR  Watch More     New How-to Videos  Watch our newly updated, extensive XSOAR 8 video series here: XSOAR 8 Engineering Training  Remember to check out our XSOAR 8 onboarding videos: Getting Started with XSOAR 8 View More     XSOAR PRODUCT UPDATES XSOAR 8 Pre-Migration Questionnaire  Calling hosted Cortex XSOAR 6.X customers! If you haven't filled out the Pre-Migration questionnaire yet, we would like to remind you to do so as soon as possible to help us better plan your migration process. Submit Now   Playbook of the Week Blogs We rolled out a few playbooks to help you detect malicious activity that might fly under the radar, from cloud token thefts to RDP cache hunting packs in our Playbook of the Week blog series.  Want to be notified of new posts? Make sure to subscribe to Security Operations Blogs Identity Threat Intelligence What's New in XSOAR 8.4   Read All   Cortex XSOAR Content Release - Oct 2023 Learn about newly released content packs: AWS system manager, Engineer Training, and more. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site   XSOAR Product Release Notes  Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity    
New Content Packs Release For more info on use cases, integrations, and related documentation, click on the Pack title: AWS Systems Manager AWS Systems Manager is the operations hub for your AWS applications and resources and a secure end-to-end management solution for hybrid cloud environments   XSOAR Engineer Training XSOAR Engineer Training (XET) Pack, this pack contains content utilized to train you on how to be an XSOAR Engineer - Don't miss out on the Engineering Training Video Series!   AWS - IAM Identity Center With AWS IAM Identity Center (successor to AWS Single Sign-On), you can manage sign-in security for your workforce identities, also known as workforce users   PAT Helpdesk Advanced Manage helpdesk requests and tickets with PAT Helpdesk Advanced   Polar Security IBM company is an innovator in technology that helps companies discover, continuously monitor and secure cloud and software-as-a-service (SaaS) application data   Feedly Import Articles from Feedly with enriched IOCs   ThreatZone Threat.Zone enrichments are adaptable and can seamlessly integrate into various playbooks   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site! Cortex XSOAR 
October 2023 UPCOMING EVENTS Customer Success Webinar: XSOAR Integration with O365 Join us on Oct 18th to dive into O365 integration with XSOAR. Discover practical use cases, including quarantining emails and executing search and delete tasks within Microsoft O365. >> Register here CS Webinar Topics Suggestion Survey We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form Recent CS Webinars Watch our recent webinar and learn how to leverage IAM Playbooks and create custom dashboards: IAM Playbooks Webinar Part 2. To watch the full series, click here: IAM Playbooks webinar Part 1 If you missed the interesting session on how attackers are leveraging AI in their campaigns, hosted by Brian Krebs and Devin Johnstone, you can review the recording here: The Dark Side of AI and Automation Watch More New How-to Videos Watch the latest videos to master your Cortex XSOAR experience: XSOAR 8: Microsoft Integration & Authentication Cortex XSOAR Training: Integration Configuration Cortex XSOAR Training: Incident & Object Indicators View More Latest Security Blogs & Articles Read the blog to learn how Only Cortex Delivers 100% Protection and Detection in MITRE Engenuity. Learn how to leverage Yara Rules in Cortex portfolio: Execute Yara Rules Using Cortex Dive into the latest insights on emerging cyber threats and vulnerabilities gathered from extensive exposure and threat data collected over 12 months with Cortex Xpanse: Attack Surface Threat Report Read this whitepaper and catch up on Cybersecurity Transformation in Healthcare. Palo Alto Networks was named as a LEADER in the Forrester Wave™: Zero Trust Platform Providers, Q3 2023 report. Read the report: Zero Trust Platform Providers Read More XSOAR PRODUCT UPDATES XSOAR 8 Pre-Migration Questionnaire Calling hosted Cortex XSOAR 6.X customers!
If you haven't filled out the Pre-Migration questionnaire yet, we would like to remind you to do so as soon as possible to help us better plan your migration process. Submit Now   Playbook of the Week Blogs We rolled out a few playbooks to help you detect malicious activity that might fly under the radar, from cloud token thefts to RDP cache hunting packs in our Playbook of the Week blog series. Want to be notified of new posts? Make sure to subscribe to Security Operations Blogs Cloud Token Theft Response Uncover Your RDP Secrets Automating DLP Incident Feedback   Read All   Cortex XSOAR Content Release - Sep 2023 Learn about newly released content packs: Rapid7 AppSec,Roksit DNS Security,and more. >> Read more Cortex XSOAR Marketplace Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site XSOAR Product Release Notes  Cortex XSOAR Feature Release Notes >> Documentation Help Center Cortex XSOAR Version Release Announcements >> LIVEcommunity  
View full article
Attack surfaces are expanding in complexity due to growing cloud services and edge-computing adoption. To review the interesting session on how attackers are leveraging AI in their campaigns, hosted by Brian Krebs and Devin Johnstone, you can catch the recording here. Read the full report: “2023 Unit 42 Attack Surface Threat Report.”
View full article
New Content Packs Release

For more info on use cases, integrations, and related documentation, click on the Pack title:

  • Stamus: Stamus Security Platform.
  • Rapid7 - AppSec: The Rapid7 AppSec content pack is designed to help users manage application vulnerabilities and scans.
  • Roksit DNS Security: This integration adds selected domains to the Roksit Secure DNS Blacklisted Domain List through the API.

To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
View full article
Getting prepared for XSOAR 8 migration can be challenging! The Cortex XSOAR team worked hard to cover everything you need to know to plan ahead for the migration. 
View full article
September 2023

UPCOMING EVENTS

Customer Success Webinar: IAM Playbook Part 2
Join us on Sep 20th to learn about IAM-related playbooks, dashboards, and workflows designed to improve your organization's security posture through Cortex XSOAR automation with Identity and Access Management. We recommend reviewing the IAM Playbooks webinar Part 1 prior to this webinar. >> Register here

CS Webinar Topics Suggestion Survey
We value your input! Help shape our next webinars by sharing the topic you'd like to learn more about. >> Fill out the form

Recent CS Webinar
Watch our recent webinar to learn about the latest enhancements in the Default Pack for XSOAR 8.2 onward.
Watch More

New How-to Videos
Watch these videos to learn how to get started with Cortex XSOAR 8:
  • Overview & Activating XSOAR 8 Tenants
  • User Authentication - Roles - User Groups
  • SAML SSO
View More

Latest Security Blogs & Articles
  • Learn how to Retrieve a CSV file.
  • Read this blog and start leveraging the Generic Webhooks to push events into XSOAR.
  • Everything you need to know about the XSOAR 8 Migration is waiting for you in our new Cortex XSOAR 8 Migration Guide.
Read More

Technical Courses
Check out the latest digital learning technical course: Cortex XSOAR Engineer: Working with Lists
Explore More

XSOAR PRODUCT UPDATES

Introducing New Playbooks
The DNS Sinkhole Playbook addresses the challenge of identifying compromised hosts in a network by creating a controlled DNS redirection system. The problem lies in tracing malicious DNS queries back to their originating infected hosts, because the original source IP is lost when queries are routed through an internal DNS server. The solution involves configuring a PAN-OS firewall to sinkhole DNS requests from internal DNS servers to a controlled address, enabling threat logs to report malicious queries from the internal server. Read more >> Configure DNS Sinkhole
The Cloud Token Theft Response playbook (part of the Cloud Incident Response content pack) provides an automated flow for collecting, analyzing, and responding to anomalous token usage activity.

Playbook of the Week Blogs
Are you spending a lot of time managing incident tickets, password reset requests, and suspicious SSO alerts? Consider "outsourcing" a lot of these repetitive tasks to automation. Read about these automation hacks (and more) in our Playbook of the Week blog series.

Cortex XSOAR Content Release - Aug '23
Learn about newly released content packs: Discord, Commvault Security IQ, and more. >> Read more

Cortex XSOAR Marketplace
Explore additional content packs and test drive use cases from Cortex XSOAR and other contributors. >> Marketplace site

XSOAR Product Release Notes
  • Cortex XSOAR Feature Release Notes >> Documentation Help Center
  • Cortex XSOAR Version Release Announcements >> LIVEcommunity
View full article
New Content Packs Release

For more info on use cases, integrations, and related documentation, click on the Pack title:

  • Discord: Send messages to your Discord server.
  • Commvault Security IQ: Commvault Security IQ provides pre-built integrations, automation workflows, and playbooks to streamline operations, enhance threat intelligence integration, and more.
  • OpenCVE: Ingests CVEs from OpenCVE.

To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
View full article
The Common Vulnerabilities and Exposures (CVE) repository is designed to provide a reference for publicly known information security vulnerabilities.
View full article
New Content Packs Release

  • Use Case Builder: Streamlines the Use Case Design process and provides tools to help you get into production faster!
  • Oracle Cloud Infrastructure Feed: This feed provides information about public IP address ranges for services that are deployed in Oracle Cloud Infrastructure.
  • Cloud Incident Response: This content pack helps you automate collection, investigation, and remediation of incidents related to cloud infrastructure activities in AWS, Azure, and GCP.
  • DomainToolsIrisDetect: Iris Detect protects against malicious domains impersonating your brands and domains.
  • Traceable: Traceable AI API Security Platform integration.
  • Cloaked Ursa Diplomatic Phishing Campaign: This pack detects and responds to the Cloaked Ursa Diplomatic Phishing Campaign.
  • StringSifter: StringSifter is a machine-learning tool that automatically ranks strings based on their relevance for malware analysis.
  • CheckPointHEC: The Best Way to Protect Enterprise Email & Collaboration from phishing, malware, account takeover, data loss, etc.
  • Forcepoint Security Management Center: Forcepoint SMC provides unified, centralized management of all models of Forcepoint engines, whether physical, virtual, or cloud.
  • CVE-2023-36884 - Microsoft Office and Windows HTML RCE: This pack handles the CVE-2023-36884 - Microsoft Office and Windows HTML RCE vulnerability.
  • ClickSend: Make voice calls from XSOAR.
  • Getting Started with XSOAR: This wizard is designed to provide a step-by-step walkthrough on getting started with XSOAR.

To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
View full article
Learn about recommended configurations, integration and playbook monitoring, indicator exclusions, and performance optimization.
View full article
New Content Packs Release

  • CVE-2023-34362 - MOVEit Transfer SQL Injection: This pack handles the MOVEit Transfer SQL Injection CVE-2023-34362 vulnerability.
  • Resecurity: This package allows retrieving digital assets monitoring results from the defined monitoring tasks.
  • Google Vertex AI: Fine-tuned to conduct a natural conversation, using Google Vertex AI (PaLM API for Chat). The current integration of Google Vertex AI focuses only on the Generative AI model (PaLM) using the Chat prediction.
  • Free Enrichers: This content pack helps set up free enrichers (Plug & Enrich, Free with sign-up) available for TIM.
  • Zero Day Live TI FUSION Feed: Zero Day Live is Blackwired’s flagship product that delivers proprietary, holistic, high confidence, and precision intelligence data points on Adversaries’ malicious intent.
  • Mandiant Advantage Attack Surface Management: Centralize and manage remediation efforts for security issues identified from the external attack surface.
  • CybleEventsV2: Cyble Events for Vision users. Must have Vision API access to use the threat intelligence.
  • FullHunt: Integration with FullHunt, the attack surface database of the internet. FullHunt enables companies to discover all of their attack surfaces, monitor them for exposure, and scan them.

To explore more content packs and test drive use cases from Cortex XSOAR and other contributors, visit our Marketplace Site!
View full article
In today’s security landscape, there are three important players: threat actors with the intent, capability and opportunity to cause widescale disruption to business functions; defenders working to undermine attacks and safeguard these business functions and assets; and people, who ultimately suffer collateral damage as a result of compromises in security and privacy.
View full article