07-07-2023 03:55 AM
Hi All,
Will cortex be able to detect if there is any malicious URL clicked by user?
Also, would like to know how cortex detect the ransomware attack.
Regards,
Sakshi Seth
07-07-2023 06:49 AM
Cortex XDR isn't meant to do any web filtering. I think it's assumed that you have your endpoints routing traffic through another PAN product (firewall, GlobalProtect, Prisma Access) and that these other products are already providing that coverage for you in the event you need it.
With ransomware detection there's a few different methods that XDR will use. Obviously if the file is known to be malicious it'll just block the execution, it'll look at the processes from a behavioral analysis aspect, and then it deploys (very small) decoy files across every single directory.
The overview that I've attached is slightly older, but it'll give you a good fundamental overview.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
