Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- ›
- About KanwarSingh01
About KanwarSingh01
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
12-24-2020
9Posts
0Likes
0Solutions
Dec 24, 2020Last Visited
User
Activity
User
Profile
Latest posts by KanwarSingh01
| Subject | Views | Posted |
|---|---|---|
| 284 | 12-11-2020 04:04 PM | |
| 297 | 12-11-2020 03:42 PM | |
| 417 | 11-24-2020 01:56 PM | |
| 202 | 11-24-2020 01:41 PM | |
| 663 | 11-24-2020 01:25 PM |
Posts I Liked
User Badges
Public Statistics
| Date Registered | 11-23-2020 03:59 PM |
| Date Last Visited | 12-24-2020 08:06 PM |
| Total Messages Posted | 9 |
12-11-2020
04:04 PM
Hi All, Is there there threat hunting community for Cortex XDR? Cheers
... View more
12-11-2020
03:42 PM
Hi, We already do the full dump of process but when we launch the dump in volatility to analysis the headers, Dump is not able to match any profile in volatility due to which we cannot analysis the dump file. If there is a way we can analysis these dump files with volatility that will be nice. Regards Kanwar
... View more
11-24-2020
01:56 PM
Hi There, Can you please let me know the api you have been using which you queried? Each API is well documented and defines the limit on the API call. Please refer to the documentation of Cortex XDR API below: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-api/cortex-xdr-apis/endpoint-management.html For example in the description of Get Endpoint you have a limitation of 100 endpoints only. You can design the call in such away that you can send the only a set of 100 endpoints in 2-5 seconds. This does the trick for us. Thanks
... View more
11-24-2020
01:41 PM
Hi There, Cortex is not meant to do web filtering. You can enable host firewall which will do only layer4-layer3 level filtering but not layer 7 filtering. Cheers
... View more
11-24-2020
01:25 PM
Can you please post the alert details? You can actually make an exception based on the filename, signer or various other methods etc.. under the Invetigation tab > Exclusions.
... View more
11-23-2020
05:33 PM
Did you have an alert around the same time on the same endpoint? If yes, can you post the details on that alert?
... View more
11-23-2020
05:03 PM
Hi There, We would recommend you to open up a support case with palo alto where you will have to submit the alert data for them to investigate. The rule which you have mentioned alone does not signify much as this is a friendly name to one of the rule set in EDR.
... View more
11-23-2020
04:51 PM
You can create groups based on Linux and Windows OS or whatever way you would like to create your group differentiater as. Under Endpoints > Endpoints Groups > Add Groups. Once you have done this create a new agent profile where you enable auto upgrade based on your preference thereafter create a policy where you attach the newly created agent profile for upgrade and only attach the policy to specific endpoint groups. Step: 1> Setup global Agent Auto Upgrade settings (Be careful of your internet link saturation.) Step: 2> Setup Endpoint Groups as per requirement. Step: 3> Create Agent Profile. Enable auto-upgrade in profile. Step: 4> Apply profile to endpoint policy based on groups. Step: 5> Test before production.
... View more
11-23-2020
04:23 PM
Is there a way we can analysis the dump file when a behavior based alert is generated for an incident? We would like to analysis the process dump file with volatility for windows 10 machines. Thanks for the help in advance.
... View more
Latest Blogs
Latest Posts
Copyright 2007 - 2021 - Palo Alto Networks
