Palo Alto Community News, October 1, 2024
July 2023 Rewind: LIVEcommunity Highlights
The LIVEcommunity July Rewind covers security best practices, Azure vWAN protection, a member interview and the latest PANCast episodes. The article highlights best practices for using XQL in threat hunting and incident analysis, as well as the need to secure vWAN in Azure. It also shares a member interview showing how community members use LIVEcommunity to get technical support and up-to-date information. Finally, it introduces the latest PANCast episodes, which discuss topics such as Cortex XDR agent log analysis and Azure Container Registry configuration.

📈 **XQL best practices:** The article presents best practices for the Cortex Query Language (XQL), including how to optimize query performance and how to use its features to streamline data analysis workflows. It also gives concrete advice on using XQL for threat hunting and incident analysis, helping users better understand and apply XQL.

💻 **Azure vWAN security:** The article stresses the importance of securing vWAN in Azure and describes the main characteristics and benefits of vWAN. It also explains why securing vWAN is critical when expanding an Azure infrastructure, and offers related security recommendations.

📡 **Member interview:** The article shares an interview with community member Andrew Kahn, describing his experience using LIVEcommunity for technical support and up-to-date information. Andrew discusses the challenges he encountered while using LIVEcommunity and how he resolved them, as well as how he uses LIVEcommunity to improve his technical skills.

📷 **Latest PANCast episodes:** The article introduces the latest PANCast episodes, covering topics such as Cortex XDR agent log analysis and Azure Container Registry configuration. PANCast is a podcast from Palo Alto Networks that provides actionable insights from security experts to help users improve their security awareness and skills.

📥 **Threat research:** The article covers recent attack campaigns discovered by Unit 42 researchers, including attacks using malicious OneNote attachments and Cloaked Ursa's attacks using lures aimed at diplomats. It also shares defensive recommendations and security best practices against these campaigns.

📗 **Community discussions:** The article presents some popular discussion topics on LIVEcommunity, including discussions on security best practices, Azure vWAN protection and threat research. It also shows how community members use these discussions to get technical support and share their experience.

Welcome to our July 2023 Rewind, where we review some of LIVEcommunity’s biggest headlines from the past month! In July, we shared information on securing vWAN using Cloud NGFW for Azure, a LIVEcommunity member testimonial featuring Andrew Kahn, the latest episodes of PANCast, and more! Read on to see the community's July 2023 highlights.

XDR Best Practices: 5 Tips For Better XQL Queries

The Cortex Query Language (XQL) is an advanced query language, built on top of BigQuery (GoogleSQL), that enables you to query data ingested into Cortex XDR and XSIAM for rigorous endpoint and network event analysis. By leveraging the full potential of XQL, you can enhance threat hunting, investigation, and other critical security operations. In this blog post, we provide key tips and best practices for using XQL more effectively, optimizing query performance, and leveraging its powerful features to streamline your data analysis workflows.

This blog contains useful information and prep work for the backup procedures needed to move XSOAR from an old machine to a new machine.

If there’s a high chance that you already have dozens, if not hundreds, of virtual networks in Azure, then this blog is for you! Whether your migration was a “lift-and-shift” or “landing zone” type, you have likely come across the virtual wide area network (vWAN) and the benefits it offers while expanding your Azure footprint. Read more to quickly go through the main characteristics of the vWAN and understand why securing it is a big deal.

This document describes the use cases, architecture design and traffic flows for Palo Alto Networks VM-Series deployed in Active-Passive mode in Google Cloud. The Active-Passive architecture provides several advantages over the Active-Active architecture: stateful failover, the elimination of several source NAT requirements, and support for static IPSec termination. This document is intended for network administrators, solution architects, and security professionals who are familiar with Compute Engine, Load Balancing and Virtual Private Cloud (VPC) networking.

In this member testimonial — a video series that invites community members from around the world to share their experience on LIVEcommunity — Andrew explains that he uses LIVEcommunity daily to get answers to technical questions and to stay up to date with the latest updates and developments in Palo Alto Networks technology. He finds LIVEcommunity to be a valuable resource for discovering best practices and learning about new features of Palo Alto Networks firewalls. We hope you agree!

New PANCast Episodes Are Out!

PANCast is a Palo Alto Networks podcast that provides actionable insights from cybersecurity experts to customers, helping them ensure each day is more secure than the one before it. Visit our PANCast homepage to learn more and watch our previous podcasts in this series.

PANCast Episode 21: Cortex XDR Agent Logs and Operational Status Analysis

PANCast Episode 22: Azure Container Registry and Configuring Scanning Using Service Principal

Unit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union from late 2020 to late 2022. Unit 42 tracks the activity associated with this campaign as CL-CRI-0021 and believes it stems from the same threat actor responsible for the previous campaign known as Manic Menagerie. The threat actor deployed coin miners on hijacked machines to abuse the compromised servers’ resources. They further deepened their foothold in victims’ environments by mass deployment of web shells, which granted them sustained access, as well as access to internal resources of the compromised websites. Read this blog to learn more about the threat actors and their evolution.

The Cortex Threat Research team has been tracking recent campaigns that used malicious OneNote email attachments as the initial attack vector. Malicious OneNote files were popularized by various threat actors earlier this year, in response to Microsoft blocking internet macros by default. Following Microsoft’s notice, starting in early 2023, infected OneNote attachments have been seen spreading malware such as Emotet, Qakbot, and AsyncRAT, to name a few.

Read this Cyber Elite-written blog for more information on helpful SASE security tips.

Recently, Unit 42 researchers observed instances of Cloaked Ursa using lures focusing on the diplomats themselves more than the countries they represent. We have identified Cloaked Ursa targeting diplomatic missions within Ukraine by leveraging something that all recently placed diplomats need – a vehicle.

July ‘23 Discussion Highlight: Posts With Accepted Solutions

Nominated Discussions help LIVEcommunity Solutions Engineers highlight a discussion that has an Accepted Solution and turn it into an article with additional helpful information, documentation, and clarity! Here are the Nominated Discussions we published this past month:
