This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
About BoonHwee
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About BoonHwee
02-08-2022
3Posts
0Likes
0Solutions
Feb 08, 2022Last Visited
User
Activity
User
Profile
Latest posts by BoonHwee
| Subject | Views | Posted |
|---|---|---|
| 500347 | 10-11-2021 06:14 PM | |
| 783 | 10-04-2021 08:47 AM | |
| 805 | 04-26-2021 06:52 PM |
User Badges
Community Statistics
| Member Since | 04-26-2021 06:42 PM |
| Date Last Visited | 02-08-2022 02:16 AM |
| Posts | 3 |
11-25-2021
02:29 AM
Hi, the Info that something changed for the better is nice, but it'd be even better if there is a possibility to review the changes made. To this day I think there isn't a possibility to view Analytics BIOC Rules. The fact that Cortex XDR isn't a "black box" like other XDR/EDR products, that it's possible to view and alter standard BIOC Rules was the deciding factor for us to take the product into our MSSP program. Best regards
... View more
10-04-2021
09:31 AM
Hi @BoonHwee Cortex XDR analytics offers the ability to detect and alert anomalies with USB storage activity. The following are just two XDR analytics alert references: Possible data exfiltration over a USB storage device Possible internal data exfiltration over a USB storage device Please note, Cortex XDR analytics requires an XDR Pro license, and the USB Storage Device alerts have required data sources (Palo Alto Networks Firewall Logs and XDR agent), and a required detection module with the Identity Analytics. In terms of XDR Device Control, the feature is designed to block or allow USB-connected removable devices depending on how you have configured your Device Configuration - Extensions profile. If I understand the scope of your question correctly, then the device control configuration option is not available at this time. If you would like to request feature enhancements to device control / alerting, then please coordinate with your XDR SE or Customer Success POCs where applicable.
... View more
04-27-2021
08:09 AM
@BoonHwee wrote: Hi community, Does anyone know how to create dynamic group using define alphabet in the endpoint name. For example, my endpoints name is ABCP7ABC. I want to create a dynamic group just showing endpoints that have P7 after the first 3 character and not any endpoints that contain P7 (e.g ABCP8ABCP7). Thank you. Hi @BoonHwee, There's no way to specify a filter expression that indicates the start or the end of a string in Cortex XDR. So, unfortunately, any filter that you submit which contains "P7" will return results containing that text no matter the position in the text being evaluated.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
02-08-2022
02:16 AM
|
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks