Introduction to XQL: Writing Your First Correlation Rule
Correlation Rules in Cortex XDR and XSIAM are how we use XQL queries to detect patterns, anomalies or sequences of activity that could indicate malicious behavior, even when each individual event might not appear suspicious on its own. Correlation Rules typically leverage data from multiple datasets, but for our example we'll keep it simple, alert on failed login attempts to an NGFW, and build on the query later.
Blog • Dec 31, 2024
Introduction to XQL: Writing Your First Query
Learning a new programming or query language can be daunting, but if you've used the boolean options in a web search engine before, you can master XQL queries in no time. Like with web searches, we start with a hypothesis of our search, add filters to limit our results, and then validate the results that are returned against our hypothesis.
Blog • Nov 18, 2024
Introduction to XQL: Building Your First Widget
Widgets transform XQL query results into interactive visualizations, aiding SOC analysts in identifying trends and anomalies. This article demonstrates using widgets to graph failed GlobalProtect logins, helping detect brute-force attacks and misconfigurations, and providing proactive assistance to users.
Blog • Mar 13, 2025
The Grizzled CyberVet's Tactical Plan: Mapping Palo Alto Networks to MITRE ATT&CK
Next up in the Grizzled CyberVet series: A global enterprise faces a full-scale cyberattack spanning every stage of the MITRE ATT&CK framework. Armed with Palo Alto Networks' full security platform, they stop the threat at every turn. Learn how a unified security strategy can outmatch attackers before they succeed. Read on to see it in action!
Blog • Mar 19, 2025
From Chaos to Clarity: Effective Attack Surface Management with Cortex Xpanse
Attack Surface Management (ASM) is vital for modern cybersecurity. Cortex Xpanse offers continuous visibility, automated discovery and risk assessment of internet-facing assets. This structured approach, from discovery to advanced automation, helps organizations reduce their attack surface and secure assets effectively.
Blog • Apr 3, 2025
Operationalizing Threat Intelligence with Cortex: A Maturity Model for SOCs
Transforming raw data into actionable intelligence is crucial for cybersecurity. This article explores the stages of operationalizing threat intelligence, from basic ingestion to fully automated, proactive security operations, using Cortex TIM. Learn how to enhance your SOC's capabilities, reduce manual effort and shift from reactive to proactive defense.
Blog • Feb 17, 2025
Palo Alto Ignite Conference Key Takeaways
A brief recap of my experience at Palo Alto's Ignite conference this year. Palo Alto demonstrated Cortex XSOAR, XDR, Xpanse and the new XSIAM.
Blog • Jun 17, 2024
The Evolution of Cortex: Building the Future of Security Operations
Built on a decade of innovation and strategic acquisitions, Cortex unifies data from endpoints, networks, and cloud environments, empowering organizations to efficiently combat advanced cyber threats with minimal manual intervention.
Blog • Nov 11, 2024