October 2022 Rewind: Here's What You Missed on LIVEcommunity


October 2022 LIVEcommunity Rewind

 

Welcome to our October 2022 Rewind, where we review some of LIVEcommunity’s biggest headlines from the past month!

 

In October, we recap new episodes of PANCast, a Palo Alto Networks podcast; Cortex XSIAM, Palo Alto Networks’ new autonomous platform powering the modern SOC; new webinars and more! Read on to learn about LIVEcommunity’s October 2022 highlights.

 

XSIAM Has Arrived to Revolutionize the SOC

 


 

We believe that the only way a SOC platform can operate at today’s scale is to completely rebuild from the ground up. So we’ve done exactly that with XSIAM, the autonomous security operations platform designed to enable all customers to achieve the outcomes Palo Alto Networks does in our own SOC. How? It all comes down to data that drives analytics, automation and proactivity. Read more about it in the blog from Lee Klarich, Palo Alto Networks Chief Product Officer, “XSIAM Has Arrived to Revolutionize the SOC.”

 

Register now for The Modern SOC, Reimagined, a virtual event happening November 2, 2022.

 

New Episodes of PANCast, a Palo Alto Networks Podcast

 

 

Have you listened to PANCast yet? This new Palo Alto Networks podcast provides actionable insights from cybersecurity experts to customers; episodes will cover a range of Palo Alto Networks products, offering valuable tips and key information for a successful adoption journey. Check out the newest episodes from @jarena:

 

PANCast Episode 2: How Does GlobalProtect Split Tunneling Work?

PANCast Episode 3: URL Filtering — Allowing and Blocking the Right Traffic

 

Playbook of the Week: Teaching XSOAR a Few New Tricks with Slack Blocks

 

In most cases, SlackAsk does not provide enough information suitable for analyst investigations, as it focuses mainly on binary “yes/no” questions. It has become fairly common for SOC engineers to use the SlackV3 content pack purely as a notification utility, but you shouldn’t have to be a Slack power user to utilize all that Slack blocks are capable of providing. 

 

The Slack V3 content pack allows you to interact with the Slack API by collecting logs and sending messages and notifications to your Slack team. It integrates with Slack's services to investigate failed login events and execute, create, read, update, and delete operations for employee lifecycle processes.

 

New AIOps Feature: On-Demand BPA

 

You can now run a best practice assessment (BPA) directly in AIOps for NGFW by uploading a Tech Support File (TSF). Now, you can generate an on-demand BPA report for devices that are not sending telemetry data or are not onboarded to AIOps (e.g. PAN-OS 9.1 devices), as well as devices that are onboarded to AIOps for NGFW with telemetry enabled.

 

Cortex XDR How-to Videos

Learn about a common use case for Endpoint Administration Cleanup; how Cortex XDR can ingest Windows DHCP logs to discover additional network devices; and how to use object data from Active Directory to create endpoint groups that can be used for policy targeting, all in the latest Cortex XDR how-to videos!

 

Cortex XDR How-To Video: Endpoint Group

Cortex XDR How-To Video: Configure Cloud Identity Agent

Cortex XDR How-To Video: Windows DHCP Log Ingestion

 

What's New: IoT Security, October '22 Update

 

In the October What's New in IoT Security update, we learned about a new third-party integration with BlueCat IPAM, which expands visibility into the structure and organization of the IP address space; improvements to appearance and behavior; and a new report from RH-ISAC on the latest cyber threats to the retail, hospitality, and travel sectors.

 

Two New Posts Written By Cyber Elite Expert @Nikoolayy1

 

Cyber Elite Expert @Nikoolayy1 wrote two super-helpful posts for LIVEcommunity this month! Check ‘em out:

 

OCR for Enterprise DLP and SaaS Security API 

Optical Character Recognition, or Optical Character Reader (OCR), is the electronic or mechanical conversion of images of typed, handwritten, or printed text into machine-encoded text. This new feature is configured in the Enterprise DLP cloud portal and works for Prisma Access or on-prem firewalls with the Panorama plug-in.

 

XDR Isolation Exceptions and Exclusions Use Case

When you isolate an endpoint, you halt all endpoint network access except for traffic to Cortex XDR. This can prevent a compromised endpoint from communicating with other endpoints, which reduces an attacker's mobility. Isolation halts that traffic while still ensuring that communication to Cortex XDR is always allowed.

 

Tips & Tricks: How to Get Updates From the Internet Without Internet Access

 


 

 

Did you know that you can avoid messy work-arounds for not having internet access by using Service Routes? This cool feature makes certain services use a dataplane interface instead of the management interface. Special shoutout to Cyber Elite @reaper for his contribution to this blog!

 

October 2022 LIVEcommunity Member Spotlight: @LAYER_8

 

For the October 2022 Member Spotlight, we’d like to applaud one of our community members, @LAYER_8, for their participation and engagement in the LIVEcommunity! 

 

Since joining the community in July 2014, they have written 293 posts, received 79 likes, and authored 32 solutions (and counting). Thank you for your contribution and participation in the community @LAYER_8!

 

VM-Series Virtual Firewalls Integrate with Azure Gateway Load Balancer

 

Palo Alto Networks is pleased to announce the General Availability of integration of VM-Series virtual firewalls with Microsoft Azure Gateway Load Balancer. This integration has been designed to efficiently augment native Microsoft Azure network security capabilities with next-generation threat protection — so customers can more easily attain greater performance and scalability. 

 

Tips & Tricks: Block High-Risk Apps with Application Filters

 

Often overlooked, Application Filter objects can be a useful tool for administrators to streamline the security policy rulebase. An Application Filter is a dynamic object that can be created based on administrator-defined application attributes, including category, subcategory, risk factor, tags, and characteristics. Read more in this blog by @JayGolf — again with help from Cyber Elite expert @reaper! 🎉

 

Prisma Cloud Code Security and Drift Detection

 

Drift Detection is a feature included with Prisma Cloud Code Security that helps detect unwanted changes to your project's source code. A few lines of code can turn your project upside down by creating easy entry points for attackers to use to leak data or to turn your repository into malware.

 

If you already have a Prisma Cloud Code Security subscription, you can learn how to set up Drift Detection for your repositories now. Otherwise, read this blog on Prisma Cloud and Drift Detection to learn about how Drift Detection can help you maintain your security posture.
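To make the idea behind drift detection concrete, here is an added example (not Prisma Cloud's own code, and not how Prisma Cloud Code Security implements the feature) that records a SHA-256 baseline of every file in a project directory and later reports which files were added, removed, or modified. The `demo` function builds a small constructed project in a temporary directory, mutates it, and returns the detected drift; the file names and contents are made up for the example.

```python
import hashlib
import tempfile
from pathlib import Path
from typing import Dict, List


def hash_file(path: Path) -> str:
    """Return the SHA-256 hex digest of a file, read in chunks."""
    digest = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_manifest(root: Path) -> Dict[str, str]:
    """Map each file's path (relative to root, POSIX style) to its hash.

    This is the 'known good' snapshot that later scans are compared against.
    """
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            rel = path.relative_to(root).as_posix()
            manifest[rel] = hash_file(path)
    return manifest


def detect_drift(baseline: Dict[str, str], current: Dict[str, str]) -> Dict[str, List[str]]:
    """Compare two manifests and classify every difference.

    added:    present now, absent from the baseline (e.g. a dropped-in script)
    removed:  present in the baseline, gone now (e.g. a deleted security check)
    modified: present in both with a different hash (e.g. an edited config)
    """
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(
        name for name in baseline.keys() & current.keys()
        if baseline[name] != current[name]
    )
    return {"added": added, "removed": removed, "modified": modified}


def demo() -> Dict[str, List[str]]:
    """Build a constructed project, snapshot it, tamper with it, and report drift."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Constructed sample project: an app, its config, and a CI workflow.
        (root / "app").mkdir()
        (root / "app" / "main.py").write_text("print('hello')\n")
        (root / "config.yaml").write_text("debug: false\n")
        (root / ".github").mkdir()
        (root / ".github" / "ci.yml").write_text("run: pytest\n")

        baseline = build_manifest(root)

        # Constructed 'unwanted' changes: a config flip, a new script, a removed workflow.
        (root / "config.yaml").write_text("debug: true\n")
        (root / "app" / "backdoor.py").write_text("import os\n")
        (root / ".github" / "ci.yml").unlink()

        return detect_drift(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
```

The same manifest comparison works against a baseline stored in version control or a CI artifact; the important design choice is that the baseline is produced from a reviewed commit, not from whatever is on disk at scan time.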

 

URL Filtering: Assigning Multiple Categories to URLs

 

Did you know that Palo Alto Networks URL filtering can assign multiple categories to URLs that classify a website’s content, purpose, and safety? Every URL can have up to four categories, including a security-focused URL category (or "risk category" for short) that indicates how likely it is that the site will expose you to threats.

 

These risk categories enable you to implement simple security and decryption policies based on website safety, without requiring you to research and individually assess the sites that are likely to expose you to web-based threats.

 

This Month’s Nominated Discussions With Accepted Solutions

 

Nominated Discussions help LIVEcommunity Solutions Engineers highlight a discussion post that has an Accepted Solution, and turn it into an article with additional helpful information, documentation, and clarity. Here are the Nominated Discussions we published this past month:

 

 

You're now fully briefed on LIVEcommunity's October 2022 highlights!

 

If this was helpful, be sure to give this blog a thumbs up. See you next month!

 

Last Updated: 10-31-2022 08:20 AM