This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
About Balaraju
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- LIVEcommunity
- About Balaraju
06-20-2022
16Posts
2Likes
0Solutions
Jun 20, 2022Last Visited
User
Activity
User
Profile
Latest posts by Balaraju
| Subject | Views | Posted |
|---|---|---|
| 289 | 06-02-2022 02:17 AM | |
| 220 | 04-19-2022 03:30 AM | |
| 408 | 03-30-2022 08:55 AM | |
| 450 | 03-30-2022 07:26 AM | |
| 517 | 03-21-2022 03:03 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 03-30-2022 08:55 AM | |
| 1 Like | 03-05-2022 09:57 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like | |||
| 1 Like |
User Badges
Community Statistics
| Member Since | 02-18-2022 08:01 AM |
| Date Last Visited | 06-20-2022 11:32 AM |
| Posts | 16 |
| Total Likes Received | 2 |
06-02-2022
02:17 AM
Few questions . Thanks in advance 1) We have Cortex Prevent 3.2 , so if we move to Pro from Prevent , do we have to use a different agent ? We are using agent version 7.6.1 . Any other thing we need to worry about or make note about in this context ? We have brokers also , so is there any document or link which tells what is best way to move to Pro from Prevent ? 2) During install we choose UK as our tenant location , so if we need to move to EU then what considerations and steps we need to be aware of and how this move can be made with less issues ? Thanks in advance
... View more
04-19-2022
03:30 AM
Thanks . How is full system scan initiated from console different from a 'all drives' scan executed from agent ?
... View more
03-30-2022
08:55 AM
1 Kudo
Thanks a lot for quick response . Thanks again .
... View more
03-30-2022
07:26 AM
Hello , We are using Cortex XDR Prevent 3.2 with 2 Broker VMs for Proxy access . I guess Broker VMs are Linux appliance . So is there any way to find the Linux kernel version which these VMs are running ? Thanks in advance for response
... View more
03-21-2022
03:03 AM
The process in almost all cases is ' rundll32.exe' , though the Exploit profile is set as Default(Block) , all the alerts show up as Detected(Reported) . No block list has been configured either in the Exploit profile .
... View more
03-19-2022
10:28 AM
Greetings , The single most common and repeating alert which we are getting is like below : '' 173 'Hijacked DLL Injection' alerts detected by XDR Agent on 24 hosts '' Explanation is 'DLL attempted to load from blacklisted location' .So 2 questions here What we are supposed to do here ? What is the investigation path we should follow ? What above alert means ?Should we be worried ? I assume I have read that this protection module is among those modules which cannot be configured or modified ? Overall looking to understand these type of alerts though they appear as ' Detected(Reported)' and Not Prevented(Blocked) . Thanks in advance for response
... View more
03-18-2022
10:49 AM
Thanks for quick reply , I will refer this surely .
... View more
03-18-2022
10:16 AM
Hello , Is there any document or link which can summarise all the protection capabilities of Cortex XDR ? There seem to be many modules/techniques but what is lacking is not all are listed at one place and its difficult to understand how it all works in real world and deliver protection , so list all protection capabilities/modules and give a brief of what each of them achieve .
... View more
03-05-2022
09:57 AM
1 Kudo
Thanks a lot for your response , this is very useful and thanks for all the explanation and URL Links .Appreciate it .
... View more
03-04-2022
05:19 AM
We are using Cortex XDR Prevent 1) I see many places the word 'rules' and 'rule exception' is used , I assume this option or feature is not available in Cortex XDR Prevent as I do not see it in the menus/blades .I guess its a 'Pro' edition feature . Please correct me . 2) In Cortex XDR Prevent , I had a legitimate batch file which was 'prevented' by Cortex , so I was looking at best way to allow it to run on the host next time , so I added all hashes from ' Key Assets and Artifacts ' for the Incident to Allow list . So fingers crossed . However I see I get one option when I right click on the individual alert ' Create Alert Exception ' , I did not find any documentation about this feature in the pdf admin guide , can anybody explain what this does and is this a better option . The alert source is ' XDR Agent ' and its a 'Behavioural threat ' Thanks in advance
... View more
03-04-2022
02:55 AM
Hello In the second line above do you mean ' I add it as alert exclusion ' or ' I add it as alert exemption ' ?
... View more
03-02-2022
07:37 AM
Greetings , I am using Cortex XDR Prevent and keen to know how most decisions are made by Cortex XDR about File/process/macro being malicious or not ? So assume there are no Hash exceptions and need to know if below is true : - First Wildfire cache is checked and if verdict for sample is available ,its used and it becomes final -Second if sample is not in Wildfire cache then static analysis is done and its decision is used and parallelly sample is sent for WildFire analysis and once verdict is received it takes priority over static analysis and if WildFire verdict is 'Unknown' then Static Analysis verdict is final . Also till the time verdict is received from Wildfire the local analysis verdict is valid . Can somebody confirm if above is true understanding or if Iam wrong anywhere ? Secondly will appreciate if any statistical information is shared about above like in most cases whose verdict is used in most cases ? between Static Analysis and Wildfire . Thirdly need to know how often are verdicts different and are they same in most cases ? Thanks in advance .
... View more
02-24-2022
03:10 AM
Greetings , So if there is a alert/incident and no 'Host' listed , anyway to find it ? What other approach can be used if Hostname cannot be found for some reason . Thanks in advance
... View more
02-23-2022
09:56 AM
We are in process of moving from Traps 4.x to Cortex XDR Prevent . As we are onboarding endpoints we are seeing alerts generated in our Dashboard . So alerts are clubbed as Incidents . So as we onboard endpoints the number of Incidents is increasing very rapidly , so as we open each Incident we see most have Wildfire Verdict as Benign so I guess they are safe and need no response and we see 2 out of 100 incidents have Verdict as Malware , so they need to be reviewed and response surely . So question is is there a filter option which allows us to create a Dashboard which shows only alerts/incidents which have Verdict as 'Malware' . Please add anything else which is important in this context , so looking at daily operations and looking to find what we need to do on Daily basis in our operations Job when we have all endpoints onboarded to Cortex XDR . We have profiles and policies understand and they are configured , now we are looking at alerts/incidents and looking for guidance about how to approach them and how to handle and interpret them on day to day basis . Also are there any other things we need to monitor ? Also is our criteria to decide actionable matters correct i.e look at only those incidents which have Wildfire verdict as Malware ? Thanks
... View more
LEGAL NOTICES
Copyright 2007 - 2022 - Palo Alto Networks