The Cortex XDR – Analytics Grayware alert indicates that an endpoint on your network contains grayware (riskware).
Learning Period: 5 successful Pathfinder scans of the entire network.
Required Data: Traffic logs or (optional) Traps agents installed on endpoints.
A file has been identified by Palo Alto Networks WildFire as grayware (sometimes known as riskware) based on WildFire analysis.
Grayware is detected by Traps agents installed on endpoints, or by Pathfinder analyzing network traffic.
If Traps is not installed, one of several triggers caused Pathfinder to scan an endpoint for malicious software: anomalous network activity might have caused Pathfinder to scan the endpoint automatically, or other information, such as threat intelligence received by your network security team, might have led a member of your team to run a manual scan of the endpoint.
As a result of the scan, Pathfinder discovered a suspicious file. Consequently, Pathfinder sent either the file or a signature of that file to Palo Alto Networks WildFire for analysis. WildFire has responded that the file is grayware.
If a Traps agent is installed on an endpoint, activity logged by Traps has been identified by Cortex XDR – Analytics as grayware.
Grayware is software that could be malicious, depending on the context in which it is used. For example, adware and spyware could be used by an attacker to exfiltrate sensitive information, so they are classified as grayware. Some IT tools that have potentially legitimate uses in your enterprise are classified as grayware because they might be used by attackers for lateral movement on your network.
- Read through the WildFire report to discover details about the grayware.
- Identify and examine the software flagged as grayware to determine if it is being used for malicious purposes. Investigate traffic generated by the grayware further in Cortex XDR™ – Investigation and Response.
- Use the endpoint profile to look for suspicious artifacts indicative of malware activity.
- In the Triage page, look for other endpoints that are showing this alert, and investigate them as well for a possible malware infection.
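The following triage helper is an added example, not Palo Alto Networks code, illustrating the last two steps above: it groups grayware alerts by file hash, counts the endpoints reporting each hash, and uses an allowlist of IT-approved tool hashes to separate "unknown grayware, read the WildFire report" from "approved tool, but check why it is spreading across hosts". The alert record layout, host names, hashes and file names are all constructed for this example; a real alert export would need to be mapped onto these fields.

```python
"""Triage helper for Cortex XDR - Analytics Grayware alerts.

Added example, not Palo Alto Networks code. The alert record layout
(host, sha256, file, verdict) is an assumption made for this example.
"""
from collections import defaultdict

# Constructed sample alerts (hypothetical hosts, hashes and file names).
SAMPLE_ALERTS = [
    {"host": "ws-101", "sha256": "a" * 64, "file": "admintool.exe", "verdict": "grayware"},
    {"host": "ws-102", "sha256": "a" * 64, "file": "admintool.exe", "verdict": "grayware"},
    {"host": "ws-103", "sha256": "a" * 64, "file": "admintool.exe", "verdict": "grayware"},
    {"host": "ws-104", "sha256": "b" * 64, "file": "toolbar.exe", "verdict": "grayware"},
    {"host": "ws-105", "sha256": "c" * 64, "file": "app.exe", "verdict": "benign"},
]

# Hypothetical allowlist: hashes of IT tools your team has approved for use.
APPROVED_TOOL_HASHES = {"a" * 64}


def summarize_grayware(alerts, approved_hashes, min_hosts=2):
    """Group grayware alerts by file hash and assign a triage priority.

    Returns a dict: sha256 -> {"file", "hosts", "approved", "priority"}.
      "review"      - hash not on the approved list: read the WildFire report
                      and examine the file's behaviour and traffic.
      "check-scope" - approved tool, but seen on at least min_hosts endpoints:
                      confirm the spread matches legitimate IT activity.
      "low"         - approved tool on a single endpoint.
    """
    groups = defaultdict(lambda: {"file": None, "hosts": set()})
    for alert in alerts:
        if alert["verdict"] != "grayware":
            continue  # only grayware verdicts belong to this alert type
        group = groups[alert["sha256"]]
        group["file"] = alert["file"]
        group["hosts"].add(alert["host"])

    summary = {}
    for sha256, group in groups.items():
        approved = sha256 in approved_hashes
        if not approved:
            priority = "review"
        elif len(group["hosts"]) >= min_hosts:
            priority = "check-scope"
        else:
            priority = "low"
        summary[sha256] = {
            "file": group["file"],
            "hosts": sorted(group["hosts"]),
            "approved": approved,
            "priority": priority,
        }
    return summary


if __name__ == "__main__":
    for sha256, info in summarize_grayware(SAMPLE_ALERTS, APPROVED_TOOL_HASHES).items():
        print(sha256[:12], info["file"], info["priority"], info["hosts"])
```

The allowlist is the key design choice: because grayware is defined by context, a hash-level record of which tools IT has sanctioned lets the same alert be routed differently on a workstation that should never run remote-administration utilities versus an admin's own machine, and a sanctioned tool suddenly appearing on several endpoints is exactly the lateral-movement pattern the text warns about.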