Which two types of indicators of compromise (IOCs) are available for creation in Cortex XDR? (Choose two.)
In Cortex XDR, two of the types of indicators of compromise (IOCs) that can be created are file path and hash. The file path indicator allows monitoring and identification of specific files based on their location within the system. The hash indicator, such as MD5 or SHA256, enables verification of the integrity and authenticity of files by comparing their cryptographic hash values with those of known malicious files.
A Cortex XSOAR customer has a phishing use case in which a playbook has been implemented with one of the steps blocking a malicious URL found in an email reported by one of the users.
What would be the appropriate next step in the playbook?
After blocking a malicious URL found in an email, the next critical step would be to inform the CISO (Chief Information Security Officer) about the incident. This ensures that the organization's leadership is aware of the potential threat and can take necessary actions such as further investigation, response coordination, and communication with other stakeholders. Disabling the user's email account, confirming with the user, or changing the password are actions that depend on further assessment and instructions from the security team. Immediate notification to the CISO keeps the incident response process aligned with the organization's security policies and procedures.
What allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users?
Role-based access control (RBAC) allows the use of predetermined Palo Alto Networks roles to assign access rights to Cortex XDR users. RBAC is a widely recognized method for managing users' access to systems based on their roles within an organization, ensuring that users have the appropriate permissions for their job functions.
Which two actions are required to add indicators to the whitelist? (Choose two.)
To add indicators to the whitelist, you need to perform two key actions. First, click 'New Whitelisted Indicator' on the Whitelist page to manually add an indicator directly to the whitelist. Second, on the Indicators page, select the indicators you want to whitelist and use the 'Delete and Whitelist' option. This removes the selected indicators from the general list of indicators and adds them to the whitelist, which makes them easier to manage.
Which playbook feature allows concurrent execution of tasks?
Parallel tasks are a feature that allows for the concurrent execution of multiple tasks. This capability is crucial in improving the efficiency and speed of processes that require multiple actions to be carried out simultaneously.