All news with #cortex xsiam tag

Fri, October 24, 2025

Threat Actor Misuse of AzureHound for Cloud Discovery

🔍 AzureHound is an open-source Go-based enumeration tool designed for cloud discovery and red-team assessments that threat actors also misuse to map Entra ID and Azure resources. Unit 42 outlines how adversaries leverage Microsoft Graph and Azure REST APIs to enumerate users, groups, roles, storage and services and to identify privilege escalation paths. The report highlights observable artifacts such as the user-agent azurehound/ and discusses detection opportunities in Microsoft Graph, Entra ID sign-in logs and Cortex XQL hunts. Practical mitigations include phishing-resistant MFA, Conditional Access Policies, token binding and broad endpoint and cloud visibility.

Tue, October 7, 2025

Responding to Cloud Incidents: Investigation and Recovery

🔍 Unit 42 outlines a structured approach to investigating and responding to cloud incidents, noting that 29% of 2024 incident investigations involved cloud or SaaS environments. The guidance emphasizes a shift from endpoint-centric forensics to focus on identities, misconfigurations and service interactions. It recommends enabling and centralizing logs, retaining them for at least 90 days, and preparing for rapid evidence collection and VM/container imaging. The article stresses identity forensics, behavioral baselining and surgical containment to avoid alerting adversaries.

Tue, September 9, 2025

Inside Black Hat's NOC: Zero-Hour Security Operations

🛡️ At Black Hat, Palo Alto Networks' NOC operates a zero-hour defense model that protects critical infrastructure while enabling controlled exploit training. Engineers from Cortex and Unit 42 collaborate with partners like Corelight to develop rapid detections, deploy contextual rules on PA-5430 firewalls, and automate responses via Cortex XSIAM. The environment balances visibility, segmentation and automated enforcement to stop external threats without disrupting sanctioned exercises.

Tue, August 12, 2025

Palo Alto Networks Opens Local Cloud Region in South Africa

🌍 Palo Alto Networks has launched a new cloud location in South Africa to bring its AI-powered security platforms closer to local organizations. The region will host core services including Cortex XSIAM, Prisma SASE, Advanced WildFire, Advanced DNS Security, Strata Cloud Manager and Strata Logging Service. Local hosting is designed to reduce latency, meet data residency and sovereignty requirements, and deliver real-time detection, automated response and centralized logging. The investment aims to support South Africa’s digital transformation while addressing rising ransomware and phishing threats across the region.