Welcome to our February 2023 Rewind, where we review some of LIVEcommunity’s biggest headlines from the past month!
In February, LIVEcommunity was busy sharing Palo Alto Networks’ Zero Trust OT Security announcement, an addition to our Member Testimonial series, playbooks for fighting cryptojacking, and more!
The Cortex XSOAR integration with Microsoft Teams is fantastic, and includes a lot of useful functionality, but how do you schedule a message?
That question piqued my curiosity and a quick Google search gave me what was needed: Microsoft Teams supports messages via incoming webhook, and with Cortex XSOAR Bring Your Own Integration (BYOI) capabilities, it didn’t seem like an insurmountable challenge to write a simple integration that would simply send a message. Read on to learn how to send a message using Microsoft Teams, webhook, and XSOAR.
PANCast, a Palo Alto Networks podcast that provides actionable insights to customers, is looking for ideas! PANCast provides actionable insights from cybersecurity experts to customers, helping ensure each day is more secure than the one before it.
Please share what topics you'd like to hear covered, simply by clicking "Suggest an idea" via this PANCast Ideas page. You can also listen to the latest PANCast episodes now.
Cryptojacking — a form of cryptomining that uses unauthorized access to someone else's device and resources to mine for cryptocurrency — is officially a thing. These two blogs take a look at how Cortex can be used to combat cryptojacking malware:
The Maximum Transmission Unit (MTU) specifies the largest amount of data that can be transmitted by a protocol in one TCP segment. The larger it is, the less overhead you have but the more retransmits you'll get in case of a problem. The larger frame also means increased latency due to time necessary to transmit. The smaller it is, the more overhead you'll have but less to retransmit if there is a problem. Learn more about how to manage TCP MSS adjustments in this blog.
There are many benefits to being a hosted XSOAR customer, such as offloading the care and feeding of the XSOAR environment. That being the case, it does require a different process when the time comes to archive the data to prevent slow performance or running out of storage. Let's review how to archive and retrieve your data, including best practices, recommendations and FAQs for archiving.
Phishing is involved in almost 40% of security incidents, according to the 2022 Unit 42 Incident Response Threat Report. Attacks that once relied on poorly written phishing emails to find victims have rapidly increased in sophistication and targeting due to the growing amount of personal information easily found on the internet.
With Cortex XSOAR, phishing responses can easily be automated and it is one of the most popular use cases for automation. The Phishing pack helps organizations reduce the time spent managing phishing alerts and provides a standardized, methodical process to handle phishing.
The Traffic Light Protocol (TLP) can play a major role in your XSOAR instance. As you may have seen already, every Threat Intelligence Feed you can add will come with this option to be set. The traffic light protocol was first developed by first.org, a security professional community in the area of incident response but actually mainly CERT related.
As you may imagine, when CERT people come together they are keen on sharing knowledge and insights as well as the latest and most urgent events they are facing with each other. But how do you end up not over sharing information while publicly exposing that your company may or may not be affected by a certain threat actor or vulnerability? How can you make sure that your effort of investigating a certain threat gets public knowledge?
Over ninety-five percent of end users report experiencing unanticipated application downtime, which causes businesses to lose valuable productivity. Find and fix problems with the user experience using autonomous digital experience management, all before those problems have an effect on your company.
Nominated Discussions help LIVEcommunity Solutions Engineers highlight a discussion that has an Accepted Solution, and turn it into an article with additional helpful information, documentation, and clarity! Here are the Nominated Discussions we published this past month:
@Nikoolayy1 is a longtime Cyber Elite expert and wrote two posts for LIVEcommunity this past month! Nikolay is a Senior Cybersecurity Consultant who is responsible for the implementation of NGFW as the primary leader in Palo Alto firewalls, WAF systems, and DDOS/Bot protection technologies. He is an expert in Palo Alto Networks’ security solutions and his insights are well-worth a read:
You're now fully briefed on LIVEcommunity's February 2023 highlights!
If this was helpful, be sure to give this blog a thumbs up. See you next month!
