10-31-2022 07:46 AM - edited 10-31-2022 08:20 AM
Welcome to our October 2022 Rewind, where we review some of LIVEcommunity’s biggest headlines from the past month!
In October, we recap new episodes of PANCast, a Palo Alto Networks podcast; Cortex XSIAM, Palo Alto Networks’ new autonomous platform powering the modern SOC; new webinars and more! Read on to learn about LIVEcommunity’s October 2022 highlights.
We believe that the only way a SOC platform can operate at today’s scale is to completely rebuild from the ground up. So we’ve done exactly that with XSIAM, the autonomous security operations platform designed to enable all customers to achieve the outcomes Palo Alto Networks does in our own SOC. How? It all comes down to data that drives analytics, automation and proactivity. Read more about it in the blog from Lee Klarich, Palo Alto Networks Chief Product Officer, “XSIAM Has Arrived to Revolutionize the SOC.”
Have you listened to PANCast yet? This new Palo Alto Networks podcast provides actionable insights from cybersecurity experts to customers; episodes will cover a range of Palo Alto Networks products, offering valuable tips and key information for a successful adoption journey. Check out the newest episodes from @jarena:
PANCast Episode 2: How Does GlobalProtect Split Tunneling Work?
PANCast Episode 3: URL Filtering — Allowing and Blocking the Right Traffic
In most cases, SlackAsk does not provide enough information suitable for analyst investigations, as it focuses mainly on binary “yes/no” questions. It has become fairly common for SOC engineers to use the SlackV3 content pack purely as a notification utility, but you shouldn’t have to be a Slack power user to utilize all that Slack blocks are capable of providing.
The Slack V3 content pack allows you to interact with the Slack API by collecting logs and sending messages and notifications to your Slack team. It integrates with Slack's services to investigate failed login events and execute, create, read, update, and delete operations for employee lifecycle processes.
You can now run a best practice assessment (BPA) directly in AIOps for NGFW by uploading a Tech Support File (TSF). Now, you can generate an on-demand BPA report for devices that are not sending telemetry data or are not onboarded to AIOps (e.g. PAN-OS 9.1 devices), as well as devices that are onboarded to AIOps for NGFW with telemetry enabled.
Learn about a common use case for Endpoint Administration Cleanup; how Cortex XDR can ingest Windows DHCP logs to discover additional network devices; and how to use object data from Active Directory to create endpoint groups that can be used for policy targeting in the latest Cortex XDR how-to videos!
Cortex XDR How-To Video: Endpoint Group
Cortex XDR How-To Video: Configure Cloud Identity Agent
Cortex XDR How-To Video: Windows DHCP Log Ingestion
In the October What's in IoT Security update, we learned about a new third-party integration with BlueCat IPAM (which expands visibility into the structure and organization of the IP address), improvements to appearance and behavior, and a new report from RH-ISAC on the latest cyber threats in the retail, hospitality, and travel sectors.
Cyber Elite Expert @Nikoolayy1 wrote two super-helpful posts for LIVEcommunity this month! Check ‘em out:
OCR for Enterprise DLP and SaaS Security API
Optical Character Recognition or Optical Character Reader (OCR) is the electronic or mechanical conversion of images of typed, handwritten or printed text into machine-encoded text. This new feature is configured in the Enterprise DLP cloud portal and works for Prisma Access or on-prem firewalls with the Panorama plugin.
XDR Isolation Exceptions and Exclusions Use Case
When you isolate an endpoint, you halt all endpoint network access, except for traffic to Cortex XDR. This can prevent a compromised endpoint from communicating with other endpoints, which reduces an attacker's mobility. But you can also define exceptions to isolation while still ensuring that communication to Cortex XDR is always allowed.
Did you know that you can avoid messy workarounds for not having internet access on the management interface by using Service Routes? This cool feature makes certain services use a dataplane interface (instead of the management interface). Special shoutout to Cyber Elite @reaper for his contribution to this blog!
For the October 2022 Member Spotlight, we’d like to applaud one of our community members, @LAYER_8, for their participation and engagement in the LIVEcommunity!
Since joining the community in July 2014, they have written 293 posts, received 79 likes, and authored 32 solutions (and counting). Thank you for your contribution and participation in the community @LAYER_8!
Palo Alto Networks is pleased to announce the General Availability of integration of VM-Series virtual firewalls with Microsoft Azure Gateway Load Balancer. This integration has been designed to efficiently augment native Microsoft Azure network security capabilities with next-generation threat protection — so customers can more easily attain greater performance and scalability.
Often overlooked, Application Filter objects can be a useful tool for administrators to streamline the security policy rulebase. An Application Filter is a dynamic object that can be created based on administrator-defined application attributes, including category, subcategory, risk factor, tags, and characteristics. Read more in this blog by @JayGolf — again with help from Cyber Elite expert @reaper! 🎉
Drift Detection is a feature that is included with Prisma Cloud Code Security that helps detect unwanted changes to your project’s source code. A few lines of code can turn your project upside down by creating easy entry points for hackers to use in order to leak data or turn your repository into malware.
If you already have a Prisma Cloud Code Security subscription, you can learn how to set up Drift Detection for your repositories now. Otherwise, read this blog on Prisma Cloud and Drift Detection to learn about how Drift Detection can help you maintain your security posture.
Did you know that Palo Alto Networks URL filtering can assign multiple categories to URLs that classify a website’s content, purpose, and safety? Every URL can have up to four categories, including a security-focused URL category (or "risk category" for short) that indicates how likely it is that the site will expose you to threats.
These risk categories enable you to implement simple security and decryption policies based on website safety, without requiring you to research and individually assess the sites that are likely to expose you to web-based threats.
Nominated Discussions help LIVEcommunity Solutions Engineers highlight a discussion post that has an Accepted Solution, and turn it into an article with additional helpful information, documentation, and clarity. Here are the Nominated Discussions we published this past month:
You're now fully briefed on LIVEcommunity's October 2022 highlights!
If this was helpful, be sure to give this blog a thumbs up. See you next month!