This website uses cookies essential to its operation, for analytics, and for personalized content. By continuing to browse this site, you acknowledge the use of cookies.
For details on cookie usage on our site, read our Privacy Policy
For details on cookie usage on our site, read our Privacy Policy
About afurze
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- About afurze
06-01-2023
74Posts
22Likes
21Solutions
Jun 01, 2023Last Visited
User
Activity
User
Profile
Latest posts by afurze
| Subject | Views | Posted |
|---|---|---|
| 19 | 06-01-2023 07:55 AM | |
| 13 | 06-01-2023 07:50 AM | |
| 203 | 05-12-2023 07:00 AM | |
| 213 | 05-12-2023 06:56 AM | |
| 330 | 05-08-2023 07:04 AM | |
| 182 | 05-08-2023 06:59 AM | |
| 422 | 05-03-2023 07:26 AM | |
| 528 | 04-21-2023 07:48 AM | |
| 267 | 04-21-2023 07:22 AM | |
| 289 | 04-19-2023 07:58 AM |
My Liked Posts
| Subject | Likes | Posted |
|---|---|---|
| 1 Like | 04-21-2023 07:22 AM | |
| 1 Like | 05-12-2023 07:00 AM | |
| 3 Likes | 04-21-2023 07:48 AM | |
| 1 Like | 04-19-2023 07:58 AM | |
| 1 Like | 04-14-2023 08:01 AM |
Posts I Liked
| Subject | Likes | Author | Latest Post |
|---|---|---|---|
| 3 Likes |
User Badges
Community Statistics
| Member Since | 05-11-2022 01:29 PM |
| Date Last Visited | 06-01-2023 11:17 AM |
| Posts | 74 |
| Total Likes Received | 22 |
06-01-2023
07:55 AM
License compliance is a requirement for all license types. Prevent license customers also have a small grace period for overage, after which enforcement action can be expected. Please contact your account team for additional information and to acquire an appropriate amount of endpoint licenses.
... View more
06-01-2023
07:50 AM
Shahwaz_Md,
It is usually not a good idea to be pausing or disabling protection services unless it is to troubleshoot the agent itself. XDR should not be interfering with normal user or administrator activity and, if it is, appropriate alert tuning actions should be taken to address this. If users or administrators have the capability to disable the agent, it becomes much less likely that you will be able to identify and protect against insider threats.
... View more
05-12-2023
07:00 AM
1 Kudo
FabioFerreira,
You can use the config stage command to specify a timeframe like so...
config timeframe = 5m
| dataset = fortinet_fortiauthenticator_vm_raw | filter deviceSeverity != "information" | filter deviceSeverity != "notice" | filter deviceSeverity = "warning"
| comp count(msg) as counter
| filter counter > 5
... View more
05-12-2023
06:56 AM
MatthiasBehn,
Please submit a TAC case for assistance on this issue.
... View more
05-08-2023
07:04 AM
RFeyertag,
The fact that this is done as a daily job is just an implementation detail. It is unlikely that this will change.
... View more
05-08-2023
06:59 AM
MBM2,
For coverage/protection inquiries, please submit a TAC case.
... View more
05-03-2023
07:26 AM
Hi RFeyertag,
IOC removal occurs as a daily job, you should see them removed within 24 hours of the expiration date and time.
... View more
04-21-2023
07:48 AM
3 Kudos
Hi Justin_smi,
First, please check how many forensic licenses your organization purchased and verify that you are only deploying the live collection (configured in your Agent Settings profile) to as many hosts as you are licensed for. You can't deploy this organization wide if you only purchased, say, 50 licenses. Enabling the live collection in the Agent Settings profile is a simple matter of checking the "Monitor and Collect Forensics Data" checkbox and then selecting the artifacts you want to gather and upload.
In addition to live collection of forensics data, you can perform one time forensics triage actions and upload the data into the XDR console to use in the forensics analysis UI. You can trigger an online triage by running the Forensics Triage action in the Action Center and selecting a Triage configuration to use, results will be automatically uploaded into the XDR console from the endpoint. To gather a triage package offline, you can go to Incident Response -> Forensics -> Triage -> Configurations, and right-click the package you want to use for triage and clicking the download for either 32-bit or 64-bit collector. Once you run this collector on the endpoint, you need to manually get the resulting package and use the "Import Offline Triage" button in the Configurations page to upload and process the collected triage package.
As to the usage of the data collected by the forensics module, this is an exercise left to trained forensics analysts. XDR does not perform any analysis of the forensics data (beyond putting it into the appropriate views based on artifact type) and it is up to the trained forensics analyst to understand and interpret the data being presented.
... View more
04-21-2023
07:22 AM
1 Kudo
Apata_Biswajit,
This is still considered within the normal range of XDR agent resource utilization. Generally, resource utilization will scale linearly along with the workload of the system starting from around 300 MB up to 2 GB potentially, again based on the workload of the system. I'll emphasize that, for most systems, a "normal" range is usually between 300 and 500 MB, but if you have larger systems with high workloads it's normal to exceed this as stated above.
... View more
04-19-2023
07:58 AM
1 Kudo
Hi Joe_Carissimo,
This is a perfectly acceptable method of doing agent deployment. As with anything else, it matters that you do it properly to avoid issues. After you install the agent in your golden image, you will want to either stop the agent and then remove the agent.id and hardware.id files (paths below), or once you actually do a deployment of the golden image to a new device, run cytool reconnect force. The issue you want to avoid is agents having the same ID when checking in to the console, this will cause you significant issues.
The agent.id and hardware.id files are located in
%programdata%\Cyvera\LocalSystem\OsPersistence\agent.id
%programdata%\Cyvera\LocalSystem\OsPersistence\hardware.id
If you remove those files, do not restart the agent or reboot the golden image again before converting it to the iso, or the agent will reconnect and assign new IDs, thus you will have to repeat the process. If you instead want to run cytool reconnect force, do this as soon as you boot a new device from the golden image, you will have to ensure this is done every time without fail, else you will run into issues with agent ID duplication.
... View more
04-17-2023
07:13 AM
Shashanksinha,
We do not have a "baseline" configuration, the configuration of XDR is highly customizable for each customer's unique environment. The only recommendation would be to have all protection modules set to "Block" for production use, however, this too can be customized based on the customer's environment and needs.
... View more
04-17-2023
07:10 AM
RamyashreeMada,
Our vulnerability database is regularly updated from the National Vulnerability Database from NIST (https://nvd.nist.gov), these updates are delivered silently in the background via content updates. As to your second question, I'm not sure what you are asking, can you please clarify?
... View more
04-17-2023
07:08 AM
RamyashreeMada,
Please contact your account team to obtain this type of documentation.
... View more
04-14-2023
08:01 AM
1 Kudo
See below
... View more
04-14-2023
07:10 AM
Hi Shahwaz_Md,
You can configure a persistent isolation notification in your Agent Settings profile under the User Interface section. By default, this is disabled, however, you can enable it and configure a customized notification.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-01-2023
11:17 AM
|
Latest Tags
No tags yet
Likes From
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks