Question 6 of 49

Which two playbook functionalities allow looping through a group of tasks during playbook execution? (Choose two.)

    Correct Answer: C, D

    GenericPolling playbooks are designed to repeatedly execute a set of tasks until a specific condition is met, allowing continuous monitoring or periodic checks as needed. Playbook tasks can be configured with conditions to loop through a group of tasks based on previous task outcomes, facilitating repeated executions within the same playbook. Thus, both options fulfill the requirement of allowing looping through a group of tasks during playbook execution.

Question 7 of 49

Cortex XSOAR has extracted a malicious Internet Protocol (IP) address involved in command-and-control (C2) traffic.

What is the best method to block this IP from communicating with endpoints without requiring a configuration change on the firewall?

    Correct Answer: C

    The best method to block an IP address involved in command-and-control (C2) traffic without requiring a configuration change on the firewall is to have XSOAR automatically add the IP address to an external dynamic list (EDL) used by the firewall. EDLs are lists that can be dynamically updated and referenced by firewall policies to block or allow traffic. This method allows the firewall to automatically update its blocking rules based on the latest threat intelligence without needing manual configuration changes.

Question 8 of 49

Which integration allows searching and displaying Splunk results within Cortex XSOAR?

    Correct Answer: D

    The correct integration for searching and displaying Splunk results within Cortex XSOAR is the Splunk integration. It is designed to interact with Splunk, allowing users to run searches and fetch the results directly from Splunk into Cortex XSOAR. While other integrations exist, they serve different purposes and are not specifically designed for searching and displaying Splunk results within Cortex XSOAR.

Question 9 of 49

Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)

    Correct Answer: B, C

    In Cortex XDR, two of the IOC types that can be created are file path and hash. The file path indicator allows monitoring and identification of specific files based on their location within the system. The hash indicator, such as an MD5 or SHA256 value, enables files to be matched against known malicious files by comparing their cryptographic hash values.

Question 10 of 49

A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users.

What would be the appropriate next step in the playbook?

    Correct Answer: A

    After blocking a malicious URL found in an email, the next critical step would be to inform the CISO (Chief Information Security Officer) about the incident. This ensures that the organization's leadership is aware of the potential threat and can take necessary actions such as further investigation, response coordination, and communication with other stakeholders. Disabling the user's email account, confirming with the user, or changing the password are actions that depend on further assessment and instructions from the security team. Immediate notification to the CISO keeps the incident response process aligned with the organization's security policies and procedures.