This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About Luc_Desaulniers
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About Luc_Desaulniers
11-04-2022
12Posts
4Likes
1Solution
Nov 04, 2022Last Visited
User
Activity
User
Profile
Latest posts by Luc_Desaulniers
| Subject | Views | Posted |
|---|---|---|
| 1103 | 06-09-2022 06:21 AM | |
| 884 | 06-09-2022 06:09 AM | |
| 628 | 06-07-2022 10:42 AM | |
| 894 | 05-31-2022 11:47 AM | |
| 3961 | 05-31-2022 11:42 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 09-27-2021 02:32 PM | |
| 1 Like | 05-31-2022 11:42 AM | |
| 1 Like | 04-19-2022 09:20 AM | |
| 1 Like | 04-19-2022 09:39 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 7 Likes | |||
| 5 Likes | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 03-31-2021 10:47 AM |
| Date Last Visited | 11-04-2022 06:48 PM |
| Posts | 12 |
| Total Likes Received | 4 |
06-09-2022
06:21 AM
Are you 100% sure of that? This is what logically should happen, but I ran into the exact issue that the OP is referring to where a CU was pushed, broke things, the next day it got fixed by a new CU, but my machines that were set to a 3 days delay picked up the broken CU first. This happened to my environment back in early March 2022. Maybe things have changed now, but I can confirm that OP's concern is a valid one as I've seen it happen. There is no way for us customers to exclude a content update. What I ended up doing was work my way around it by changing the delay to a very long delay and then once I was sure the latest wasn't causing issues, I switched my initial group that had the delay setup to immediate content so they would pick up the latest one and then changed it back to 3 days delay once they were all to the point I wanted them.
... View more
06-09-2022
06:09 AM
I was wondering if it was a possibility to rollback on a previous version of the content update just to test something? Anybody knows if that's doable?
... View more
06-07-2022
10:42 AM
It is normal in the fact that this how it's done currently, but now is it secure to do this, no it isn't. Try to raise it through a support ticket, I guess the more that raise those kind of issues the more chance there is for Palo Alto to fix it.
... View more
05-31-2022
11:47 AM
Great start on the query. Here's another way you could do this to avoid an and statement: config case_sensitive = false |dataset = xdr_data |filter event_type = ENUM.PROCESS |filter action_process_image_name = "msdt.exe" and action_process_image_command_line = "*PCWDiagnostic*IT_RebrowseForFile*" |fields agent_hostname, action_process_username as User, action_process_image_name as Child_Process, action_process_image_path as Child_Path, action_process_image_command_line as Child_CMD_Line, action_process_image_sha256 as Child_SHA256, actor_process_image_name as Parent_Process, actor_process_image_path as Parent_Path, os_actor_process_command_line as Parent_CMD_Line
... View more
05-31-2022
11:42 AM
1 Kudo
You could create a BIOC rule with that query and then assign this BIOC rule to a restriction profile so that it would prevent the action. It does the trick usually, keep in mind that BIOC rules aren't instantaneous, but depending of the actions, it usually reacts quickly enough to avoid most of the damage.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
11-04-2022
06:48 PM
|
Latest Tags
No tags yet
Likes Given To
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks