PACortexAlert

ID: 100008

Description:

Palo Alto Cortex XDR alert in the Malware category (@cortexxdr.cat = Malware)

Repository:

Group: ThreatAnalysis
Type: event

Default Status:

Enabled

Tags:

Cortex PA

Selector:

Query:

Filters:

| Field | MUST hit |
| :--- | :--- |
| @cortexxdr.cat | Malware |
| @event_type | @cortexxdr |

| Field | MUST NOT hit |
| :--- | :--- |
| — | — |

Behavior Rule:

| Key | Type | Behavior Category |
| :--- | :--- | :--- |
| @cortexxdr.shost | asset | security alert |

Risks:

| Risk | Base Score | Dimension |
| :--- | :--- | :--- |
| ALERT_HIGH_CONFIDENCE | 2000 | alert |
| ALERT_END_POINT | 800 | alert |

Attributes:

| Alias | Key |
| :--- | :--- |
| Hostname | @cortexxdr.shost |
| Description | @cortexxdr.msg |
| Username | @cortexxdr.suser |
| Action | @cortexxdr.act |
| Customer | @customer |
| FilePath | @cortexxdr.filePath |
| Signature | @cortexxdr.Signature |
| FileHash | @cortexxdr.fileHash |

Correlation Rules:

First Occurrence:

| Name | Window | Fields | Risks |
| :--- | :--- | :--- | :--- |
| NewAsset | 10 days | @cortexxdr.shost | ML_NEW_ASSET |
| NewAlert | 10 days | @cortexxdr.msg | ML_NEW_ALERT |
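As an added worked example (not code from the original page nor from the platform that produced this rule dump), the following Python evaluates the rule as documented above: the selector, the attribute mapping, the two scored risks, and both 10-day first-occurrence correlations, run over a handful of constructed Cortex XDR-style events. Assumptions: events are flat dicts keyed by the page's field names plus a `ts` timestamp; a value counts as "new" when it was not seen within the preceding 10 days and every observation refreshes the last-seen time; the ML_* risks, which the page lists without a base score, are attached as labels only; the sample hostnames, users, paths, signature and hash are invented.

```python
"""PACortexAlert evaluated over constructed events (added example, not platform code)."""
from datetime import datetime, timedelta

# Selector from the page: every listed field MUST hit; there are no MUST-NOT filters.
# Values are copied exactly as the page lists them.
SELECTOR = {"@cortexxdr.cat": "Malware", "@event_type": "@cortexxdr"}

# Risks with the base scores the page gives (dimension: alert).
BASE_RISKS = {"ALERT_HIGH_CONFIDENCE": 2000, "ALERT_END_POINT": 800}

# Attribute alias -> event key, as listed on the page.
ATTRIBUTES = {
    "Hostname": "@cortexxdr.shost", "Description": "@cortexxdr.msg",
    "Username": "@cortexxdr.suser", "Action": "@cortexxdr.act",
    "Customer": "@customer", "FilePath": "@cortexxdr.filePath",
    "Signature": "@cortexxdr.Signature", "FileHash": "@cortexxdr.fileHash",
}

# First-occurrence correlations: name -> (window, field, risk label).
# Assumption: the page gives no base score for ML_* risks, so they are labels only.
FIRST_OCCURRENCE = {
    "NewAsset": (timedelta(days=10), "@cortexxdr.shost", "ML_NEW_ASSET"),
    "NewAlert": (timedelta(days=10), "@cortexxdr.msg", "ML_NEW_ALERT"),
}


def matches_selector(event):
    """True only when every MUST-hit field carries the listed value."""
    return all(event.get(k) == v for k, v in SELECTOR.items())


class FirstOccurrence:
    """Per-field tracker: a value is new if not seen within the window (assumed semantics)."""

    def __init__(self, window):
        self.window = window
        self.last_seen = {}  # value -> timestamp of the most recent observation

    def observe(self, value, ts):
        """Record the observation; return True if the value was not seen within the window."""
        prev = self.last_seen.get(value)
        self.last_seen[value] = ts
        return prev is None or ts - prev > self.window


def evaluate(events):
    """Run the rule over time-ordered events; return one alert dict per selector hit."""
    trackers = {name: FirstOccurrence(w) for name, (w, _, _) in FIRST_OCCURRENCE.items()}
    alerts = []
    for ev in events:
        if not matches_selector(ev):
            continue
        risks = set(BASE_RISKS)
        for name, (_, field, label) in FIRST_OCCURRENCE.items():
            value = ev.get(field)
            if value is not None and trackers[name].observe(value, ev["ts"]):
                risks.add(label)
        alerts.append({
            "asset": ev.get("@cortexxdr.shost"),  # behavior rule: key shost, type asset
            "attributes": {alias: ev.get(key) for alias, key in ATTRIBUTES.items()},
            "risks": risks,
            "score": sum(BASE_RISKS.values()),  # only the two scored risks contribute
        })
    return alerts


def cortex_event(ts, cat, shost, msg, **extra):
    """Build a flat event dict using the page's field names (constructed sample data)."""
    e = {"ts": ts, "@event_type": "@cortexxdr", "@cortexxdr.cat": cat,
         "@cortexxdr.shost": shost, "@cortexxdr.msg": msg, "@customer": "acme"}
    e.update(extra)
    return e


T0 = datetime(2021, 10, 1, 9, 0)
SAMPLE_EVENTS = [  # constructed, not real Cortex XDR telemetry
    cortex_event(T0, "Malware", "WS-0101", "WildFire Malware",
                 **{"@cortexxdr.suser": "alice", "@cortexxdr.act": "Prevented",
                    "@cortexxdr.filePath": r"C:\Users\alice\Downloads\invoice.exe",
                    "@cortexxdr.Signature": "Sample.Test.Signature",
                    "@cortexxdr.fileHash": "aa" * 32}),
    cortex_event(T0 + timedelta(hours=1), "Exploit", "WS-0101", "Exploit Protection"),  # wrong category
    cortex_event(T0 + timedelta(days=2), "Malware", "WS-0101", "WildFire Malware"),  # repeat inside window
    cortex_event(T0 + timedelta(days=3), "Malware", "WS-0202", "WildFire Malware"),  # new host, known message
    cortex_event(T0 + timedelta(days=13), "Malware", "WS-0101", "Behavioral Threat"),  # host quiet for 11 days
    {**cortex_event(T0 + timedelta(days=13, hours=1), "Malware", "WS-0303", "WildFire Malware"),
     "@event_type": "@windows"},  # right category, wrong event type
]

if __name__ == "__main__":
    for alert in evaluate(SAMPLE_EVENTS):
        print(alert["asset"], sorted(alert["risks"]), alert["score"])
```

Walking the sample: the first event fires with both ML_* labels, the repeat two days later fires with only the two base risks, the new host adds ML_NEW_ASSET but not ML_NEW_ALERT, and the same host reappearing 11 days after its last hit is treated as new again under the assumed window semantics. The two non-matching events show that the selector needs both MUST-hit fields, not just the Malware category.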

History:

| User | Date |
| :--- | :--- |
| — | — |

This page was automatically created/formatted on Tue, 2021 Oct 19 00:29:17 EDT, from rule_dump.json (db47c470500ce8686ead334f5eda0596)