As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to downlo
Posted: Wed Mar 15, 2023 5:18 am
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?
A. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
B. Enable DLL Protection on all servers but there might be some false positives.
C. Create IOCs of the malicious files you have found to prevent their execution.
D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.
A. Create Behavioral Threat Protection (BTP) rules to recognize and prevent the activity.
B. Enable DLL Protection on all servers but there might be some false positives.
C. Create IOCs of the malicious files you have found to prevent their execution.
D. Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading.