Introduction to XQL: Writing Your First Query
Learning a new programming or query language can be daunting, but if you have ever used the boolean operators in a web search engine, you can pick up XQL queries quickly. As with a web search, we start with a hypothesis, add filters to narrow the results, and then validate what comes back against that hypothesis.
Blog • Nov 18, 2024
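As an added example that is not part of the original post, here is a first XQL query built the way the post describes: a hypothesis ("someone is launching encoded PowerShell on my endpoints"), filters that narrow the `xdr_data` dataset to process-start events matching it, and a field list that makes each hit easy to validate. The dataset and field names are standard Cortex XDR/XSIAM agent fields; the process names, the `-enc` search string and the result limit are the hypothesis, not anything taken from the page.

```xql
// Hypothesis: encoded PowerShell command lines are being launched on endpoints.
dataset = xdr_data
// Filter 1: only process-start events reported by the XDR Agent
| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START
// Filter 2: the launched process is PowerShell (Windows PowerShell or pwsh)
| filter lowercase(action_process_image_name) in ("powershell.exe", "pwsh.exe")
// Filter 3: the command line carries an encoded-command switch
//           ("-enc" also matches the long form "-EncodedCommand")
| filter lowercase(action_process_image_command_line) contains "-enc"
// Keep only the fields needed to validate each hit against the hypothesis:
// when it happened, where, what launched PowerShell, and the full command line
| fields _time, agent_hostname, actor_process_image_name, action_process_image_command_line
| sort desc _time
| limit 100
```

Read the results the way the post suggests: each row either supports the hypothesis (an unexpected parent such as an Office application or a web server launching encoded PowerShell) or explains it away (a known management agent), and the filters get tightened or loosened accordingly before the query is saved.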
PAN-OS and EDLs - Everything You Wanted to Know about External Dynamic Lists
External Dynamic Lists (EDLs) on Palo Alto Networks firewalls pull IP addresses, URLs, and domains from an externally hosted list into security policy at a configurable refresh interval, so list membership can change without a firewall commit or a change request. That lets a SOC block or allow newly observed indicators without touching firewall configuration. EDLs have limits, including per-list and per-platform entry caps and a dependency on the availability of the server hosting the list, but they tighten security posture by automating updates and supporting authenticated retrieval of the list source, and they streamline threat management.
Blog • Oct 10, 2023
Introduction to XQL: Custom Datasets for Threat Hunting
Both Cortex XDR and XSIAM let you go well beyond the endpoint telemetry of the XDR Agent by ingesting custom datasets through the Broker VM. By forwarding Proxmox syslog to the Broker VM, you can analyze failed logins and suspicious system activity directly in XQL and correlate hypervisor events with endpoint, network, and identity data in one platform. Using brute-force attempts against pvedaemon as the worked example, custom datasets give you visibility into a layer that traditional EDR misses.
Blog • May 20, 2025
Introduction to XQL: Writing Your First Correlation Rule
Correlation Rules in Cortex XDR and XSIAM are how we use XQL queries to detect patterns, anomalies, or sequences of activity that could indicate malicious behavior, even when no single event looks suspicious on its own. Correlation Rules typically draw on multiple datasets, but for this example we keep it simple: alert on failed login attempts to an NGFW, and build on the query later.
Blog • Dec 31, 2024
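The two posts above (custom datasets for threat hunting, and a first Correlation Rule) share one query shape: extract fields from a raw log line, bucket by time, count failures per source, and alert above a threshold. The following is an added example, not code from either post. It assumes the Proxmox syslog forwarded through the Broker VM lands in a raw dataset named `proxmox_syslog_raw` with the original line in `_raw_log`, that pvedaemon failures look like the constructed line in the comment, and that five failures in ten minutes is the alert threshold; all three are assumptions to be checked against your own ingestion.

```xql
// Hypothesis: one source address is brute-forcing the Proxmox API (pvedaemon).
// Dataset name is an assumption for the raw syslog dataset created by the Broker VM.
dataset = proxmox_syslog_raw
| filter _raw_log contains "pvedaemon" and _raw_log contains "authentication failure"
// Pull the source address and account out of the raw line. Constructed example line:
// "pvedaemon[1234]: authentication failure; rhost=10.0.0.5 user=root@pam msg=no such user"
| alter rhost = arrayindex(regextract(_raw_log, "rhost=([0-9a-fA-F.:]+)"), 0),
        user  = arrayindex(regextract(_raw_log, "user=([^ ]+)"), 0)
// Bucket events into 10-minute windows and count failures per source and account
| bin _time span = 10m
| comp count(_raw_log) as failures by _time, rhost, user
// Alert threshold: assumed value, tune to the environment's normal failure rate
| filter failures >= 5
| sort desc failures
```

For the NGFW case in the Correlation Rule post, the shape is identical: point `dataset` at the firewall's system-log dataset, match the authentication-failure text those logs carry, and extract the admin account and source address instead of `rhost` and `user`. Once the query returns the rows you expect in a hunting session, save it as a Correlation Rule with the same time window and threshold; the rule then evaluates the query on a schedule and raises an alert per matching row rather than requiring an analyst to rerun it.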
InfoSecurity Europe 2022 Recap
Two WWT security experts share their key takeaways from InfoSec Europe, from the greater focus on the cloud and the increasing sophistication of attacks, and the ways we have to respond to those threats, to WWT's station domination of Prince Regents.
Blog • Jun 27, 2022
"Unified": SASE's Most Subjective Word
"Unified" is a word the entire SASE industry has rallied around. It is also a word nobody defines the same way. Vendors, network teams, security teams, and business leaders all have a different picture in mind. What follows is a guide to the five philosophies shaping the market, and the questions that will help you match the right solution to the problem you are actually trying to solve.
Blog • Jun 16, 2026
Better AI, Not Less AI: The Case for Explainability in Security Operations
As organizations struggle with alert fatigue, traditional AI security tools fall short by operating as black boxes that offer verdicts without reasoning. Explainable AI (XAI) addresses this by showing analysts why decisions are made across triage, investigation, and response. The result is faster workflows, smarter detection and analysts who build real threat intuition.
Blog • Apr 20, 2026
The Journey of a Cortex XSOAR Playbook: Theory and Concepts
Master Cortex XSOAR by shifting your perspective on automation. Dive into the foundational concepts of Incidents, Indicators and Playbooks to design scalable, resilient workflows. Embrace integrations, sub-playbooks and error handling to enhance efficiency. Prepare to transform raw data into actionable insights, setting the stage for advanced automation.
Blog • Jul 31, 2025
When Identity Becomes the Battlefield: Why Palo Alto Networks + CyberArk Changes the Map
Palo Alto Networks' acquisition of CyberArk marks a structural shift in cybersecurity, making Identity Security a core platform pillar alongside Network and SecOps. By unifying privilege, machine and AI identity protection, the move accelerates platformization and operational resilience.
Blog • Feb 12, 2026
Enterprise Browsers vs Virtual Desktop Infrastructure (VDI): What are they, what do they do and how are they different
In today's digital workspace, organizations seek secure, efficient solutions to manage remote access and application delivery. This blog post explores the concept of an enterprise browser and virtual desktop infrastructure (VDI), detailing their functionalities, use cases and key differences. By understanding these tools, businesses can make informed decisions on which solution best meets their usability, security and operational needs.
Blog • Sep 2, 2024
Stop Stacking Boxes. Start Designing Security.
Back-to-back firewalls were effective 15 to 20 years ago, but in today's encrypted, identity-driven and rapidly evolving threat landscape they add cost and complexity without meaningful protection. Modern security replaces duplicated perimeters with platform-integrated NGFW enforcement, segmentation and coordinated prevention, delivering stronger, measurable defense through intelligent design rather than stacked legacy controls.
Blog • Feb 17, 2026
The State of Data Loss Prevention
Data Loss Prevention has regained prominence in recent years due to large scale breaches and increasingly stringent regulatory requirements. Vendors with varying tech heritages have been lining up to employ new technologies and techniques against this seemingly never-ending problem.
Blog • Mar 31, 2025