This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About WSeldenIII
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About WSeldenIII
02-06-2023
34Posts
13Likes
5Solutions
Feb 06, 2023Last Visited
User
Activity
User
Profile
Latest posts by WSeldenIII
| Subject | Views | Posted |
|---|---|---|
| 731 | 08-24-2022 12:48 PM | |
| 866 | 07-26-2022 02:00 PM | |
| 666 | 05-16-2022 06:24 AM | |
| 1472 | 05-12-2022 07:18 AM | |
| 422 | 05-12-2022 06:50 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 05-12-2022 07:18 AM | |
| 1 Like | 05-12-2022 06:50 AM | |
| 1 Like | 08-20-2021 07:57 AM | |
| 1 Like | 07-20-2021 10:36 AM | |
| 1 Like | 02-02-2022 02:29 PM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 01-10-2020 07:42 AM |
| Date Last Visited | 02-06-2023 08:17 AM |
| Posts | 34 |
| Total Likes Received | 13 |
08-24-2022
12:48 PM
Hi @Oriavs
If I am following this threat correctly, then you are looking for a way to block file exception based on file hash. You can add sha-256 hashes to the block list within the action center. This workflow is documented in the Manage File Execution tech. doc.
... View more
07-26-2022
02:00 PM
Hi @KarlHalpin The Agent Service is captured in the Agent Audit Logs. The agent audit logs are not currently exposed as a dataset in ordered to be queried utilizing XQL. The agent audit logs are able to be exported to file or you may to configure notification forwarding to support your monitoring needs.
From an XQL enablement standpoint, there is a new feature to Pause Endpoint Protection that requires the Cortex XDR agent 7.7 and above, which is apart of the Endpoints dataset; therefore, you can leverage XQL. Please reference the following example query:
dataset = endpoints |filter manual_protection_pause = "PROTECTION_PAUSED"
The results from this XQL query will display only endpoints that are configured with the XDR agent and have the endpoint protection manually paused.
... View more
05-16-2022
06:24 AM
Hi @chukaokonkwo, the identity of the user that resolved the incident can be references in the Incident Timeline tab of the incident(s) in question. You may also consider to filter the Management Audit logs as well. The following is an example filter: Type = Incident Management AND Subtype Contains Change Incident Status AND Description Contains Resolved.
... View more
05-12-2022
07:18 AM
1 Kudo
Hi @nikoolayy1 Here is a noteworthy write up on NDR / Network Traffic Analysis (NTA) to provide an overview / insights. In a firewall-only deployment where the Cortex XDR agent is not installed on your endpoints, you can use of Pathfinder to monitor endpoints. Pathfinder scans unmanaged hosts, servers, and workstations for malicious activity. The Analytics Engine can also analyze the Pathfinder data collector in combination with other data sources to increase coverage of your network and endpoints, and to provide more context when investigating alerts. To provide greater coverage and accuracy, you can enable Enhanced Application Logging (EAL) on your Palo Alto Networks firewalls. EAL are collected by the firewall to increase visibility into network activity for Palo Alto Networks apps and services, like Cortex XDR . I hope this information provides you with a path forward.
... View more
05-12-2022
06:50 AM
1 Kudo
Hi All, The alert for the BTP rule mentioned above has been confirmed to be a false positive, and a fix has been implemented in content update version 510-90618. This content version was release on May 11, 2022 around 10:00 AM EST. Please ensure that you are enable configured to receive the latest content updates by reviewing the Agent Setting Profile - Content Configuration setting applied to your endpoints. If you experience any additional operational impact, then you may raise a support case to determine next steps.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-06-2023
08:17 AM
|
Latest Tags
No tags yet
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks