PACortexAlert
ID: 100008
Description:
Cortex Malware alert
Repository: Group: ThreatAnalysis Type: event
Default Status:
Enabled
| Tags: | |
|---|---|
| Cortex | PA |
Selector:
Query:
Filters:
| Field | MUST hit |
|---|---|
| @cortexxdr.cat | Malware |
| @event_type | @cortexxdr |
| Field | MUST NOT hit |
|---|---|
Behavior Rule:
| Key | Type | Behavior Category |
|---|---|---|
| @cortexxdr.shost | asset | security alert |
Risks:
| Risks | Base Score | Dimension |
|---|---|---|
| ALERT_HIGH_CONFIDENCE | 2000 | alert |
| ALERT_END_POINT | 800 | alert |
Attributes:
| Alias | Key |
|---|---|
| Hostname | @cortexxdr.shost |
| Description | @cortexxdr.msg |
| Username | @cortexxdr.suser |
| Action | @cortexxdr.act |
| Customer | @customer |
| FilePath | @cortexxdr.filePath |
| Signature | @cortexxdr.Signature |
| FileHash | @cortexxdr.fileHash |
Correlation Rules:
First Occurrence:
| Name | Window | Fields |
|---|---|---|
| NewAsset | 10 days | @cortexxdr.shost |
| Risks: | ML_NEW_ASSET | |
| NewAlert | 10 days | @cortexxdr.msg |
| Risks: | ML_NEW_ALERT |
History:
| User | Date | | :— | :— | | — | — |
This page was automatically created/formatted on Wed, 2022 May 4 21:43:53 EDT, from rule_dump.json (4d88bffdfb1cea26b3985f2193033606)