Introduction to XQL: Writing Your First Query
Learning a new programming or query language can be daunting, but if you have used the boolean operators in a web search engine, you can pick up XQL queries quickly. As with a web search, you start with a hypothesis, add filters to narrow the results, and then validate what comes back against that hypothesis.
Blog • Nov 18, 2024
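As an added example of the hypothesis, filter, validate loop described above (this is not code from the article), the query below looks for a Microsoft Office application spawning a command interpreter or script host. The dataset `xdr_data` and the field names are the standard Cortex XDR agent schema; the process-name lists, the 100-row limit and the hypothesis itself are choices made for this example.

```xql
// Hypothesis: on a workstation, a Microsoft Office application should never
// launch a command interpreter or script host. If it does, it is worth a look.
// xdr_data and the field names below are the standard Cortex XDR agent schema;
// the process-name lists and the 100-row limit are choices made for this example.
dataset = xdr_data
// 1. Scope to process-start events only.
| filter event_type = ENUM.PROCESS and event_sub_type = ENUM.PROCESS_START
// 2. Add filters that narrow the results to the hypothesis: Office parent, shell child.
| filter lowercase(actor_process_image_name) in ("winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe")
| filter lowercase(action_process_image_name) in ("cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe")
// 3. Return only the columns you need to validate each hit against the hypothesis.
| fields _time, agent_hostname, actor_effective_username, actor_process_image_name, action_process_image_name, action_process_image_command_line
| sort desc _time
| limit 100
```

Validate each row by reading the command line: a macro-driven `powershell.exe -enc ...` child confirms the hypothesis, while an add-in updater launching `cmd.exe` is a benign hit that you would exclude with a further filter rather than by widening the query.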
PAN-OS and EDLs - Everything You Wanted to Know about External Dynamic Lists
External Dynamic Lists (EDLs) let a Palo Alto Networks firewall pull IP addresses, URLs, or domains from a list hosted on a web server and reference that list directly in security policy. Because the firewall refreshes the list on a schedule, the SOC can block or allow new indicators by editing the list, without a policy change or a commit on the firewall. EDLs have limits (entry capacity depends on the platform, and the list source must be reachable and trusted), but they automate updates and support authentication to the list server, so building them into your threat-management workflow is worth the effort.
Blog • Oct 10, 2023
Introduction to XQL: Custom Datasets for Threat Hunting
Both Cortex XDR and XSIAM let you go well beyond the endpoint telemetry of the XDR Agent by ingesting custom datasets through the Broker VM. By forwarding Proxmox syslog to the Broker VM, you can analyze failed logins and suspicious system activity directly in XQL and correlate hypervisor events with endpoint, network, and identity data in one platform. Tracking brute-force attempts against pvedaemon is one example: custom datasets give you visibility into a layer that traditional EDR does not see.
Blog • May 20, 2025
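An added XQL example for the custom-dataset case above (not code from the article): it counts pvedaemon authentication failures per source address over a custom syslog dataset. The dataset name `proxmox_syslog_raw`, the `_raw_log` field, the pvedaemon message format (`authentication failure; rhost=... user=...`) and the thresholds are assumptions for this example; use the dataset name you chose when you configured the Broker VM syslog collector and confirm the field names in the dataset's schema view.

```xql
// Dataset name, the _raw_log field and the pvedaemon message format are assumptions
// for this example; substitute the name you gave the Broker VM syslog collector.
dataset = proxmox_syslog_raw
| filter _raw_log contains "pvedaemon" and _raw_log contains "authentication failure"
// Pull the remote host and the attempted account out of the message text.
// regextract returns an array of captures; arrayindex(..., 0) takes the first.
| alter src_ip = arrayindex(regextract(_raw_log, "rhost=([0-9.]+)"), 0),
        user   = arrayindex(regextract(_raw_log, "user=([^ ]+)"), 0)
| filter src_ip != null
// Bucket into 10-minute windows so the count is a rate, not a lifetime total.
| bin _time span=10m
| comp count() as failures, count_distinct(user) as users_tried by _time, src_ip
// Thresholds are assumptions; tune them against your own baseline.
// Many failures from one address, or several different accounts tried, both suggest brute force.
| filter failures >= 10 or users_tried >= 3
| sort desc failures
```

Once the counts look right, the same query minus the final `filter` makes a good starting point for a baseline of normal failed-login volume per host.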
Introduction to XQL: Writing Your First Correlation Rule
Correlation Rules in Cortex XDR and XSIAM let you use XQL queries to detect patterns, anomalies, or sequences of activity that could indicate malicious behavior, even when each individual event looks benign on its own. Correlation Rules typically combine data from multiple datasets, but for this example we keep it simple: alert on failed login attempts to an NGFW, and build on the query later.
Blog • Dec 31, 2024
The Journey of a Cortex XSOAR Playbook: Theory and Concepts
Master Cortex XSOAR by shifting your perspective on automation. Dive into the foundational concepts of Incidents, Indicators and Playbooks to design scalable, resilient workflows. Embrace integrations, sub-playbooks and error handling to enhance efficiency. Prepare to transform raw data into actionable insights, setting the stage for advanced automation.
Blog • Jul 31, 2025
Introduction to XQL: Building Your First Widget
Widgets turn XQL query results into interactive visualizations that help SOC analysts spot trends and anomalies. This article shows how to use a widget to graph failed GlobalProtect logins, which surfaces brute-force attempts and client misconfigurations and lets the SOC reach out to affected users before they open a ticket.
Blog • Jun 4, 2025
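The correlation-rule entry (failed logins to an NGFW) and the widget entry (graphing failed GlobalProtect logins) both rest on the same aggregated query, so one added XQL example serves both (it is not code from either article). The dataset `panw_ngfw_globalprotect_raw`, the field names `event_id`, `status`, `source_user` and `public_ip`, and the threshold of five failures are assumptions for this example; confirm the names in your tenant's schema view before saving the rule.

```xql
// Dataset and field names follow the NGFW GlobalProtect log as forwarded to Cortex;
// treat them as assumptions and confirm them in the dataset's schema view.
dataset = panw_ngfw_globalprotect_raw
// Portal and gateway authentication failures only.
| filter event_id in ("portal-auth", "gateway-auth") and status = "failure"
// 5-minute buckets: the widget charts failures over _time, the rule thresholds per bucket.
| bin _time span=5m
| comp count() as failures, count_distinct(public_ip) as sources by _time, source_user
// Correlation rule: fire when one account fails five or more times in a bucket (assumed threshold).
// For the widget, drop this filter and plot failures against _time, split by source_user.
| filter failures >= 5
| sort desc failures
```

The `sources` column is what separates a user with a stale saved password on one laptop (one source, steady failures) from a credential-stuffing attempt (many sources against one account); the rule should use it, and the widget should show it.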
The Evolution of Cortex: Building the Future of Security Operations
Built on a decade of innovation and strategic acquisitions, Cortex unifies data from endpoints, networks, and cloud environments, empowering organizations to efficiently combat advanced cyber threats with minimal manual intervention.
Blog • Nov 11, 2024
The Journey of Cortex XSOAR Playbook: Designing Your First Playbook
Transform your manual firewall upgrade process into a streamlined, automated workflow with Cortex XSOAR. This article guides you through designing a robust playbook for upgrading High Availability firewall pairs, emphasizing architectural decisions, governance integration and validation patterns. Discover how automation reduces errors, enhances efficiency and satisfies compliance requirements.
Blog • Mar 2, 2026
The Grizzled CyberVet: How Palo Alto Networks Powers End-to-End Cyber Defense
Fragmented security solutions create inefficiencies and vulnerabilities. This article explores how Palo Alto Networks' integrated platform addresses these gaps, breaking the cybersecurity kill chain at every stage. By consolidating security functions, organizations enhance threat prevention, streamline operations and reduce costs. Learn how a unified approach strengthens defenses and why proactive security is essential for business resilience.
Blog • Mar 14, 2025
Palo Alto Ignite Conference Key Takeaways
A brief recap of my experience at Palo Alto's Ignite conference this year. Palo Alto demonstrated Cortex XSOAR, XDR, Xpanse and the new XSIAM.
Blog • Jun 17, 2024
Automating Third-Party Risk with Dataminr + Cortex XSOAR
The gap between collecting threat feeds and applying real-world threat intelligence to your environment is where most programs fail. Security teams know something happened, but struggle to detect it early, determine its relevance, and trigger consistent response actions. Integrating Dataminr's AI-powered real-time threat intelligence with Cortex XSOAR lets your SOC stay ahead of physical and cyber threats correlated to your environment.
Blog • Feb 13, 2026
Nine Days to Exploitation. Two Weeks to Bypass. How Dataminr and Cortex Break the ToolShell Cycle.
Microsoft patched the SharePoint ToolShell vulnerability chain in July 2025. Within nine days it was under active exploitation. Within two weeks, the patches had been bypassed. Eight months later, a third variant was confirmed in the wild. Dataminr flagged the threat before the first CVE was published, giving customers weeks of early visibility that most organizations never had. This post walks through how the attack works, what it means for each team in your organization, and how Dataminr's early warning, combined with Cortex XSOAR, gives the SOC the visibility and prioritization it needs to stay ahead of a threat that won't stay fixed.
Blog • Mar 31, 2026