Overview
Explore
Expertise
Ecosystem
43 results found
Introduction to XQL: Writing Your First Correlation Rule
Correlation Rules in Cortex XDR and XSIAM are how we can use XQL queries to detect patterns, anomalies or sequences of activities that could indicate malicious behavior, even when each individual event might not appear suspicious on its own. Correlation Rules typically leverage data from multiple datasets, but for our example, we'll keep it simple to alert on failed login attempts to a NGFW, and build on the query later.
Introduction to XQL: Writing Your First Query
Learning a new programming or query language can be daunting, but if you've used the boolean options in a web search engine before, you can master XQL queries in no time. Like with web searches, we start with a hypothesis of our search, add filters to limit our results, and then validate the results that are returned against our hypothesis.
Integrating Dataminr into a Palo Alto Networks–Centric Platform
Dataminr Pulse for Cyber Risk integrates external real-time intelligence into Palo Alto Networks' platform, enabling security teams to act on early warning signals before threats impact internal systems. This approach shifts security from reactive to prevention-based by leveraging AI-analyzed data from over a million public sources to detect risks outside organizational perimeters.
When Identity Becomes the Battlefield: Why Palo Alto Networks + CyberArk Changes the Map
Palo Alto Networks' acquisition of CyberArk marks a structural shift in cybersecurity, making Identity Security a core platform pillar alongside Network and SecOps. By unifying privilege, machine and AI identity protection, the move accelerates platformization and operational resilience.
PAN-OS and EDLs - Everything You Wanted to Know about External Dynamic Lists
Looking to implement external dynamic lists in your Palo Alto NGFW or Prisma Access? This post will answer all your questions about how EDLs work in PAN-OS to dynamically improve your security posture.
Introduction to XQL: Custom Datasets for Threat Hunting
Both Cortex XDR and XSIAM let you go well beyond endpoint telemetry from the XDR Agent by ingesting custom datasets through the Broker VM. Forwarding Proxmox syslogs, you can analyze failed logins and suspicious system activity directly in XQL. This unlocks the ability to correlate hypervisor events with endpoint, network, and identity data—all in one platform. Tracking brute-force attempts against pvedaemon, custom datasets give you visibility into layers that traditional EDR misses.
What is the Prisma Access Browser
The Prisma Access Browser, a custom Chromium-based browser by Palo Alto Networks, integrates advanced security services to offer seamless, robust protection. It validates users, limits access based on roles and eliminates the need for cumbersome VPNs, making it an ideal solution for modern, flexible work environments.
Texas A&M University System Teams Up with WWT for Cyber Range Challenge
Texas A&M University Systems partners with WWT for a Cyber Range Capture the Flag competition, empowering students with hands-on threat-hunting experience. Sponsored by industry leaders, this event highlights Texas A&M's commitment to reinvesting in its students and preparing future cybersecurity professionals.
Introduction to Cortex XDR
Learn how Cortex XDR secures the future by rewiring security operations.
Contractors and the Prisma Access Browser Solution
How the Prisma Access Browser can safely allow contractors or employees on personal devices access to protected resources
The Journey of a Cortex XSOAR Playbook: Theory and Concepts
Master Cortex XSOAR by shifting your perspective on automation. Dive into the foundational concepts of Incidents, Indicators and Playbooks to design scalable, resilient workflows. Embrace integrations, sub-playbooks and error handling to enhance efficiency. Prepare to transform raw data into actionable insights, setting the stage for advanced automation.
Introduction to XQL: Building Your First Widget
Widgets transform XQL query results into interactive visualizations, aiding SOC analysts in identifying trends and anomalies. This article demonstrates using widgets to graph failed GlobalProtect logins, helping detect brute-force attacks and misconfigurations, and providing proactive assistance to users.