Cortex XDR is threat detection and response software from Palo Alto Networks.
Much like people, computer programs exhibit certain behaviors when engaged in malicious activities. XDR protects against threats (malware, viruses, etc.) by monitoring our workstations and flagging any process that exhibits those behaviors. When a process is flagged as a potential threat, XDR prevents it from running and generates a security event which is sent to CISL's Cybersecurity Program Office. On Windows and MacOS clients, an alert is displayed to the end-user as well.
When a security event is generated on a HAO workstation, a security engineer contacts CSMT with the name of the workstation and any steps that should be taken to mitigate the threat. A CSMT team member then contacts the user of the workstation to ensure that those steps are taken.
In rare cases, Cortex XDR will identify a benign process as a threat. After determining that a flagged process is benign, CSMT will notify a security engineer of the false positive. The process can then be whitelisted and allowed to run on the computer in question and any other client running the same software.
To confirm that XDR is functioning properly, open the Cortex XDR console and verify that protection status is "Enabled".
