About Majid1Khan

Hi Team,   We are having replication issues across the domain controllers and Microsoft is suspecting its an issue with Cortex and they want the the below files to be created as an exceptions across all our domain controllers.   To rule out Cortex issue we thought we will put this DC's in report mode instead of Block, as it is a risk of keeping DC's in report mode for longer duration till the replication is completed.   But im not able to add the below in the exclusions as it is not allowing this format in Cortex, please advise?   The following will need to be exception in Cortex AV. Once exceptioned and the list of files waiting to be replicated drops then Microsoft will investigate further.   SYSVOL Exceptions $db_normal$ FileIDTable_* SimilarityTable_* *.xml $db_dirty$ $db_clean$ $db_lost$ Dfsr.db Fsr.chk *.frx *.log Fsr*.jrs Tmp.edb     ... View more

We would like to know if we can integrate 3rd Party feeds in Palo Alto firewall for blocking IOC's automatically. Generally we seen people integrate Open Source threat intel with SIEM etc with Virus total and IBM Xforce xchange https://www.dshield.org/block.txt https://blocklist.greensnow.co/greensnow.txt Open source threat intel to block IOC's automatically ... View more