About mbordach10

Can ansible used for deployment of SOAR ?   **Note: this is a question from our CS Webinar: Dev to Prod Configuration and Best Practices in Cortex XSOAR ... View more

Will Export Custom Content export a change to a system field (Like setting "Owner" to mandatory? This has not been my experience. **Note: this is a question from our CS Webinar: Dev to Prod Configuration and Best Practices in Cortex XSOAR ... View more

The newest version of Cortex XSOAR is now available for GA. Here are some highlights from this release: Indicator field Trigger Scripts: Associate indicator fields with trigger automation scripts that check for field changes, and then take actions based on them. Dynamic layouts and fields: When customizing an indicator/indicator layout add a filter. Saved Query Sharing: Share saved queries with specific roles. Enhanced RBAC: More granularity to the RBAC roles page. Check out the Cortex XSOAR  Release Notes  for additional details. ... View more

New XSOAR Content packs released in Feb '22 Check out our new XSOAR content packs released in February! For more info on use cases, integrations and related documentation click on the Pack title: WildFire API Small Use the Palo Alto Networks Wildfire integration to automatically identify unknown threats and stop attackers in their tracks by performing malware dynamic analysis.   WildFire API Large Use the Palo Alto Networks Wildfire integration to automatically identify unknown threats and stop attackers in their tracks by performing malware dynamic analysis.   Intel 471 Malware Intelligence Intel 471 Malware Intelligence provides a high fidelity and timely stream of indicators with rich context.   MAC Vendors Query MAC Vendor's list of registered MAC and vendor names via their API   OpenSourceVulnerabilities OSV (Open Source Vulnerability) is a vulnerability database for open source projects. For each vulnerability, it perform bisects to figure out the exact commit that introduces the...   Xsoar_Utils This is a wrapper on top of XSOAR API. Can be used to implement commands that call the XSOAR API in the background.   Change Management If you use Pan-Os or Panorama as your enterprise firewall and Jira or ServiceNow as your enterprise ticketing system, this pack will assist you to perform a well coordinated and...   Recorded Future Identity Recorded Future App for Identity ManageEngine_PAM360 PAM360 integrates with Cortex XSOAR that fetches passwords directly from the PAM360 vault to use in their tasks.   PhishUp PhishUp prevents phishing attacks, protects your staff and your brand with AI   Trend Micro Vision One Trend Micro Vision One is a purpose-built threat defense platform that provides added value and new benefits beyond XDR solutions, allowing you to see more and respond faster....   NGFW TS Agent Deployment Deploy Palo Alto Networks NGFW Terminal Service Agents to Windows Hosts   National Vulnerability Database Feed CVE and CPE feed from the National Vulnerability Database   Postmark Spamcheck Postmark’s spam API, Spamcheck, is a RESTfull interface to the Spam filter tool SpamAssassin.   Wolken ITSM Use The Wolken IT Service Management (ITSM) solution to modernize the way you manage and deliver services to your users. Active Directory Assurance - Exposures Response and Remediation Active Directory remediation playbooks and workflows   Hackuity From a war-room, query your Hackuity cockpit in order to seamlessly retrieve information related to your vulnerability stock.   Trustwave Fusion Trustwave Fusion is Trustwave's cloud-native platform that provides visibility and context in detection and response workflows.   Google Sheets The Google Sheets API is a RESTful interface that lets you read and modify a spreadsheet's data.  ReversingLabs Ransomware and Related Tools Feed A timely and curated threat intel list containing recent indicators extracted from ransomware and the tools used to deploy ransomware which are suitable for threat hunting. For more information view the full release notes for  22.2.0.     To explore more content packs and test drive use cases from Cortex XSOAR and other contributors visit our Marketplace Site! ... View more

Download Content Packs and Docker Images Offline As some of are customers are air-gapped due to security and regulations concerns, and due to the Marketplace nature of Cortex XSOAR, w e recently released a flow that enables you to download only the relevant Packs and Docker images to your organization. This way you will save time and complexity by getting only the updates you need. Read more about this pack on the XSOAR Marketplace: Download Content Packs and Docker Images Offline | Cortex XSOAR ... View more

New XSOAR Content packs released in January ‘22   Check out the XSOAR content packs released in January! For more info on use cases, integrations and related documentation click on the Pack title: AzureDevOps Create and manage Git repositories in Azure DevOps Services.   Filters And Transformers Frequently used filters and transformers pack. Grafana Grafana client to interact with Grafana server API. Phishing URL Phishing URL is a project with the goal of detecting phishing url using machine learning ArrayToCSV Converts a simple Array into a textual comma separated string OTSecurity An OT Security Automation Pack Inventa Handling DSAR reporting within Inventa Instance, including PII categories found, storages with data related to the PII etc. Wiz Integrate with Wiz for bidirectional Issue management and fetching of resource information. Netskope v2 Block URLs, domains and file hashes.   FeedMandiant Get Mandiant feed   WhisperGate & CVE-2021-32648 On January 14th, 2022, reports began on a malware operation dubbed "WhisperGate" targeting multiple organizations in Ukraine. Accenture CTI v2 Accenture Cyber Threat Intelligence Accenture CTI Feed Accenture Cyber Threat Intelligence Feed Create EDL Instance An automation script for creating EDL instances on XSOAR. Azure Key Vault Use Key Vault to safeguard and manage cryptographic keys and secrets used by cloud applications and services. Cado Response Automate data collection. Process data at cloud speed. Analyze with purpose. Camlytics An integration with Camlytics surveillance analytics system For more information view the full release notes for  22.1.0.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors visit our Marketplace Site!     ... View more

Check out our revamped XSOAR Best Practices Guide and learn about recommended configurations, integration and playbook monitoring, indicator exclusions, and performance optimization.   Have a question? Post it on the  Discussion Forum   Cortex XSOAR  ... View more

Cortex team released a unified integration Generic Export Indicators Service. This integration is meant to be the only integration used for the Indicators Sync use case, and should replace the existing 'PAN-OS EDL Service' and 'Export Indicators' integrations.   This integration has it all: Existing functionalities from both older integrations, new features (such as selecting the exported columns) and major performance enhancements.  Full integration documentation can be found here: Generic Export Indicators Service | Cortex XSOAR   Cortex XSOAR  ... View more

XSOAR CI/CD Flow We are happy to share that we have released the XSOAR CI/CD flow. The flow allows you to manage custom content in a pack structure outside of XSOAR, in a Git repo to your liking. This way you can develop in a multiple branch approach, resolve conflicts, test and stage your changes and deploy. This flow is mainly aimed for advanced customers, which are familiar with CI/CD concepts. Read more at: https://xsoar.pan.dev/docs/reference/articles/xsoar-ci-cd ... View more

As part of our Rapid Breach Response program, following the Russia/Ukraine Cyber conflict, Cortex XSOAR released a new content pack: "WhisperGate & CVE-2021-32648'' that can help automatically detect and mitigate the two threats. Read the full threat brief from Unit 42: Threat Brief: Ongoing Russia and Ukraine Cyber Conflict. ... View more

Example Phishing Use Case Definition Template   This document provides a filled out template for implementing the OOTB Phishing Use Case in XSOAR, with the trigger being a reported suspect phishing email to a Security inbox.  A Playbook for this use case can be started with the Phishing Investigation - Generic V2 as an initial template.   You may find the Phishing UCD template HERE. ... View more

Check out our new XSOAR content packs released in December! For more info on use cases, integrations and related documentation click on the Pack title: Analytics & SIEM: Armorblox   Azure Data Explorer Case Management: PenfieldAI Data Enrichment & Threat Intelligence: Cybersixgill Actionable Alerts  SOCRadar Threat Feed  VirusTotal XSOAR Enrich  VirusTotal XSOAR Respond  VirusTotal XSOAR Triage   VirusTotal XSOAR Starter Email Gateway: PhishingAlerts Network Security: PicusAutomation   Social Engineer Domain Analysis  PerimeterX Utilities: AppendIfNotEmpty  Content Installation  CreateHash DeduplkicateValuesbyKey  IsArrayItemInList  MS-ISAC  ParseHTMLTables  Schedule Task and Poll Vulnerability Management: CVE-2021-44228 - Log4j RCE Azure Risky Users For more information view the full Release Notes for  21.12.0 and 21.12.1.   To explore more content packs and test drive use cases from Cortex XSOAR and other contributors visit our Marketplace Site! ... View more

Using Cortex XSOAR to Deal With Apache Log4j Vulnerability (CVE-2021-44228)   Critical RCE Vulnerability: log4j - CVE-2021-44228 refers to a 0-day exploit in the popular Java logging library log4j2.   As part of our Rapid Breach Response program Cortex XSOAR released a new playbook to automatically detect and mitigate the remote code execution (RCE) vulnerability in Apache log4j 2 that is being actively exploited in the wild.    Read more about the exploit in our Unit42 blog post.    Find a link to the new pack on the XSOAR Marketplace website.   For more information subscribe and follow Palo Alto Networks security advisory. Disclaimer: This threat is rapidly evolving by the hour. Unit 42 researchers are updating the Unit 42 blog in real time, and therefore the blog serves as our single source of truth. The information provided is for general informational purposes only.  ... View more