This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Who Me Too'd this topic

Required Windows Event IDs for the best Cortex XDR detection performance

agsaqqal
L0 Member

‎06-21-2024 12:18 PM

Hello, dear Community,

 

I need a list of Windows event IDs required for BIOC and other Cortex XDR rules to work effectively.

For example, when we performed a Kerberos user enumeration attack using Kerbrute, it was not detected initially. Cortex XDR requires event ID 4768 to be enabled to detect such an attack. After enabling this event ID and testing the attack simulation again, it was successfully detected.

I am now wondering which event IDs are crucial to enable in order to maximize detection opportunities for Cortex XDR. It would be great to get a list of these event IDs.

Thanks.

1 person had this problem.
(1)
Who Me Too'd this topic
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks