Supported Cortex XSOAR versions: 6.0.0 and later.
This playbook includes the following tasks:
- Collect indicators to be used in your threat hunting process
- Retrieve IOCs related to HAFNIUM and the exploited exchange 0-day vulnerabilities
- Discover IOCs related to the attack
- Query firewall logs to detect malicious network activity
- Search endpoint logs for malicious hashes to detect compromised hosts (Available from Cortex XSOAR 5.5.0).
- Block indicators
Read more about the attack on our Unit42 blog: https://unit42.paloaltonetworks.com/microsoft-exchange-server-vulnerabilities/ Note: This is a beta playbook, which lets you implement and test pre-release software. Since the playbook is beta, it might contain bugs. Updates to the pack during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the pack to help us identify issues, fix them, and continually improve.
This playbook uses the following sub-playbooks and scripts.
- Search Endpoint by CVE - Generic
- Palo Alto Networks - Hunting And Threat Detection
- Block Indicators - Generic v2
- Search Endpoints By Hash - Generic V2
|BlockIndicatorsAutomatically||Whether to automatically indicators involved with HAFNIUM exploits||False||Optional|
There are no outputs for this playbook.