Which policy type should be used to detect and alert on cryptominer network activity?
To detect and alert on cryptominer network activity, an anomaly policy type should be used. Anomaly policies are designed to monitor for unusual patterns of behavior that could indicate malicious activity such as cryptomining. These policies analyze network traffic and correlate it with known threat intelligence to identify suspicious activities, making them suitable for detecting cryptominers.
A Suspicious network actors—Exposes suspicious connections by inspecting the network traffic to and from your cloud environment and correlating it with AutoFocus, Palo Alto Networks threat intelligence feed. AutoFocus identifies IP addresses involved in suspicious or malicious activity and classifies them into one of eighteen categories. Some examples of the categories are Backdoor, Botnet, Cryptominer, DDoS, Ransomware, Rootkit, and Worm. There are thirty-six policies, two for each of the eighteen categories—internal and external. https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-policies/anomaly-policies
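Added example (my own code, not Palo Alto Networks code and not taken from the docs linked above): a small Python sketch of the correlation that answer describes, matching flow records against a feed of category-labelled IP addresses and raising a Cryptominer alert tagged internal or external. The feed contents, the flow-log line format, the internal address ranges and the meaning of the internal/external split are all assumptions made for the example.

```python
import ipaddress

# Constructed stand-in for the AutoFocus feed described above: the IPs and
# category labels are made up for this example, not real indicators.
THREAT_FEED = {
    "203.0.113.10": "Cryptominer",
    "198.51.100.7": "Botnet",
    "10.20.30.40": "Cryptominer",
}

# Assumption: address ranges that belong to the monitored cloud environment.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12")]


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in INTERNAL_NETS)


def parse_flow(line):
    """Constructed flow-log line: '<src_ip> <dst_ip> <dst_port> <bytes>'."""
    src, dst, port, nbytes = line.split()
    return src, dst, int(port), int(nbytes)


def evaluate(flow_lines, category="Cryptominer"):
    """One alert per flow whose peer is listed in the feed under `category`.
    Mirrors the internal/external policy pair: 'internal' when the flagged
    address is one of the environment's own hosts, 'external' when it lies
    outside (assumption about how the two variants are split)."""
    alerts = []
    for line in flow_lines:
        src, dst, port, nbytes = parse_flow(line)
        for peer, other in ((src, dst), (dst, src)):
            if THREAT_FEED.get(peer) != category:
                continue
            scope = "internal" if is_internal(peer) else "external"
            alerts.append({
                "policy": f"{category} activity ({scope})",
                "actor": peer, "resource": other,
                "port": port, "bytes": nbytes,
            })
    return alerts


# Constructed sample flows (not captured traffic).
SAMPLE_FLOWS = [
    "10.0.1.5 203.0.113.10 3333 48120",  # workload -> feed-listed external IP
    "10.0.1.5 198.51.100.7 443 900",     # Botnet-labelled peer, not this policy
    "10.20.30.40 10.0.2.9 3333 20480",   # flagged internal host -> another workload
    "10.0.1.6 192.0.2.77 443 5000",      # clean, no alert
]
```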
An example of an anomaly is cryptominer attacks.