This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

About mavraham

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements
Please sign in to see details of an important advisory in our Customer Advisories area.
mavraham
‎03-27-2024
since ‎01-05-2021
L4 Transporter
User Activity
User Profile
Latest posts by mavraham
View All
User Badges
Community Statistics
Member Since ‎01-05-2021 03:43 AM
Date Last Visited ‎03-27-2024 10:46 AM
Posts 100
Total Likes Received 35

Re: XDR agent quota exceeded

by in Cortex XDR Discussions
‎04-17-2023 07:31 AM
‎04-17-2023 07:31 AM
Hi @MahmudHKamol, You are correct. It will overwrite old logs, not all of them at once. ... View more

Re: windows updating checking in cortex console.

by in Cortex XDR Discussions
‎04-17-2023 04:22 AM
1 Kudo
‎04-17-2023 04:22 AM
1 Kudo
Hi @PoojalaSreenadh, thank you for writing to Live Community. If you are referring to knowing what is the latest OS to be installed on the endpoint, you can go view it from the All Endpoints tab. Go into Endpoints-->All Endpoints-->Click the 3 dots at the top right of the screen and make sure to tick the Operating System and OS version boxes. You will now be able to see the OS + OS Version on each endpoint. Hope this helps!   ... View more

Re: Cortex XDR service getting stopped

by in Cortex XDR Discussions
‎04-17-2023 12:15 AM
‎04-17-2023 12:15 AM
Did you find the cause of that? We're experiencing similar kind of thing. ... View more

Re: Cortex XDR Incident Best Practices

by in Cortex XDR Discussions
‎04-11-2023 02:12 AM
‎04-11-2023 02:12 AM
Thank you very much @jcandelaria  ! ... View more

Re: Malware Profile - Ransomware Protection

by in Cortex XDR Discussions
‎04-10-2023 07:54 PM
‎04-10-2023 07:54 PM
Hi @mavraham , Thank You for your reply. I understand the difference, but I would like to know what the benefits is between the 2? I had look through the documents, but it is only stating what you had mentioned.  ... View more

Re: Authorization Disk encryption visibility

by in Cortex XDR Discussions
‎04-07-2023 04:42 PM
‎04-07-2023 04:42 PM
Hello @mavraham!   Do you have some information, how to get the above mentioned role running?    BR Rob ... View more

Re: Compatiblity Check

by in Cortex XDR Discussions
‎04-04-2023 06:57 AM
‎04-04-2023 06:57 AM
Hi RamyashreeMada,   Generally devices classified as virtual appliances are using some customizations from the vendor or even a custom kernel and don't generally support other vendor software.  Your question would be best posed to Qualys to determine whether or not they support installing 3rd party software on their virtual appliance and what sorts of customizations have been applied. ... View more

Re: Cortex alert

by in Cortex XDR Discussions
‎04-03-2023 06:40 AM
1 Kudo
‎04-03-2023 06:40 AM
1 Kudo
Hi @DineshkumarA, Thank you for writing to Live Community. The Recurring access to rare IP alert is an analytics alert generated when the endpoint is periodically accessing an external fixed-IP address that its peers rarely use. If you have decided upon investigation that the alert is a false positive I suggest creating an alert exclusion for this specific rule. 1. Head over to Incidents --> Alerts Table --> Locate the alert making the noise, right click the alert and chhose Manage Alert --> Exclude Alert. 2. Once you're finished the following message should appear.   You can read more about how to create alert exclusion rules here.  Hope this helps! ... View more

Re: Cortex XDR Panorama Onboarding certificate

by in Cortex XDR Discussions
‎04-02-2023 05:53 PM
‎04-02-2023 05:53 PM
Hi @JacobMcGrath, Thank you for writing to Live Community. I suggest opening a support ticket through our customer support portal so that one of our support engineers take a deeper look at this. ... View more

Re: XQL Query: Hunting Supply Chain Attack for 3CX

by in Cortex XDR Discussions
‎04-01-2023 04:22 PM
‎04-01-2023 04:22 PM
Hey Kanwar!   Thank you for this nice overview!    To extend the scope for the query 2 my expierience in cortex xdr was:   1. take the dns_query_name field too into your scope with or:  dst_action_external_hostname in ("*mega.io*","*mega.nz*","*anonfiles.com*","*dropmefiles.com*","*file.io*","*quaz.im*","*temp.sh*","*termbin.com*","*transfer.sh*","*ufile.io*","*wasabisys.com*") or dns_query_name in ("*mega.io*","*mega.nz*","*anonfiles.com*","*dropmefiles.com*","*file.io*","*quaz.im*","*temp.sh*","*termbin.com*","*transfer.sh*","*ufile.io*","*wasabisys.com*")   2. For subdomains take the star into your scope of the domain to sniff them all: *wasabisys.com*   BR   Rob   ... View more

Re: How to block Excel macros

by in Cortex XDR Discussions
‎03-30-2023 07:00 AM
‎03-30-2023 07:00 AM
Hi ThendralMandu,   We do not support blocking this capability.  Cortex XDR is designed to prevent malicious applications and behaviors from running on your endpoints, it is not designed to be an endpoint control application. ... View more

Re: how to block software if the version change happen

by in Cortex XDR Discussions
‎03-30-2023 05:23 AM
‎03-30-2023 05:23 AM
Hi @RajeshPremSingh, thank you for writing to Live Community. You are correct that if a file hash often changes the way to block it would not be through the file hash allowlist. You can create a custom process based BIOC rule to detect the execution of the file you’re looking to block. Go into Detection Rules --> BIOC --> Add BIOC and follow these steps to create a new process query. Next, head over to Policy Management→ Profiles→ Add Profile →Create New→Choose platform (note that this will not apply to iOS or Android) and choose Restrictions Profile. Make sure to enable Custom Prevention Rules     After creating the BIOC rule you can now configure a custom prevention rule by going into Detection Rules → BIOC → Locate your newly created BIOC rule→ Right click and choose ‘Add to restrictions profile’.     Next, choose the profile you’ve created and click ‘Add’.   You should see the following message after you’re done.   Hope this helps!       ... View more

Re: Malware Scan on XDR

by in Cortex XDR Discussions
‎03-24-2023 10:33 AM
‎03-24-2023 10:33 AM
Hi @RamyashreeMada,   I just wanted to a supply a quick information update.  You asked earlier about how long it would take a scan to time out.  I was unaware of the time out, but can now confirm that the scan command should timeout after 24 hours.  This amount of time can be changed with a Support Exception, but would require having a ticket in with our support team.   ... View more

Re: Automating the Palo Alto NGFW's Process/Deamon Restarts

by in General Articles
‎03-22-2023 09:32 AM
‎03-22-2023 09:32 AM
I am really happy that people find this helpful 🙂   ... View more

Re: Intense SSO failures

by in Cortex XDR Discussions
‎03-20-2023 06:32 AM
‎03-20-2023 06:32 AM
Hi @DragomirGaliaIT, thank you for writing to Live Community. The Intense SSO Failure alert is an analytics alert from AzureAD or OKTA  resulting from an abnormally high amount of SSO authentication attempts being made within a short period of time, which could suggest a potential brute-force attack. You can read more about the alert logic, as well as some suggestive investigative actions in our documentation page. Hope this helps!     ... View more
Register or Sign-in
Contact Me
Online Status
Offline
Date Last Visited
‎03-27-2024 10:46 AM
LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks