10/7/2023

Lansweeper scanning ports

Supported Cortex XSOAR versions: 6.0.0 and later.

Investigates a Cortex XDR incident containing internal port scan alerts.

- Enriches the hostname and IP address of the attacking endpoint.
- Notifies management about host compromise.
- Escalates the incident in case of lateral movement alert detection.
- Hunts malware associated with the alerts across the organization.
- Blocks detected malware associated with the incident.
- Allows manual blocking of ports that were used for host login following the port scan.

This playbook uses the following sub-playbooks, integrations, and scripts.

- PANW - Hunting and threat detection by indicator type V2.

Playbook inputs:

- A list of comma-separated names of critical users in the organization. This will affect the calculated severity of the incident.
- A list of comma-separated values of email addresses that should receive a notification about compromised hosts.
- A list of comma-separated hostnames that should not be isolated even if used in an attack.
- Whether attacking IPs should be automatically blocked using firewalls.
- Whether to automatically isolate endpoints, or opt for manual user approval. True means isolation will be done automatically.
- A list of IP ranges to check the IP against. The list should be provided in CIDR notation, separated by commas.
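The following is an added example, not code from the playbook or from the original page. It shows how inputs of the shape described above (a comma-separated CIDR list, an isolation exclusion list, a critical-user list and a true/false auto-isolation flag) can be parsed and applied to one alert. All function names, dictionary keys and sample values are assumptions constructed for illustration, as are the rules that only internal endpoints are isolated and that a critical user raises severity one step.

```python
import ipaddress

def parse_csv(value):
    """Split a comma-separated input into trimmed, non-empty items."""
    return [item.strip() for item in value.split(",") if item.strip()]

def parse_ranges(value):
    """Parse a comma-separated CIDR list. A malformed entry raises ValueError,
    so a typo cannot silently shrink the set of ranges being checked."""
    return [ipaddress.ip_network(item, strict=False) for item in parse_csv(value)]

def is_internal(ip, ranges):
    """True if ip falls inside any configured range of the same IP version."""
    addr = ipaddress.ip_address(ip)
    return any(addr.version == net.version and addr in net for net in ranges)

def as_bool(value):
    """Inputs often arrive as strings; only an explicit 'true' enables automation."""
    return str(value).strip().lower() == "true"

def triage(alert, inputs):
    """Decide the response for one port-scan alert (hypothetical data shapes)."""
    excluded = {h.lower() for h in parse_csv(inputs["isolation_exclusions"])}
    critical = {u.lower() for u in parse_csv(inputs["critical_users"])}
    internal = is_internal(alert["source_ip"], parse_ranges(inputs["internal_ranges"]))
    if not internal:
        isolation = "not_applicable"   # assumption: only internal endpoints are isolated
    elif alert["hostname"].lower() in excluded:
        isolation = "skip"             # never isolate excluded hosts
    elif as_bool(inputs["auto_isolate"]):
        isolation = "automatic"
    else:
        isolation = "manual_approval"
    # Assumption: a critical user raises severity one step above the baseline.
    severity = "raised" if alert["user"].lower() in critical else "baseline"
    return {"internal": internal, "isolation": isolation, "severity": severity}

# Constructed sample values, not taken from any real environment.
SAMPLE_INPUTS = {
    "internal_ranges": "10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16",
    "isolation_exclusions": "dc01, backup01",
    "critical_users": "alice",
    "auto_isolate": "True",
}
SAMPLE_ALERT = {"source_ip": "10.1.2.3", "hostname": "ws-042", "user": "alice"}

if __name__ == "__main__":
    print(triage(SAMPLE_ALERT, SAMPLE_INPUTS))
```

The exclusion check runs before the auto-isolation flag, so a host on the exclusion list is never isolated regardless of how automation is configured.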