PSE-Cortex: How Do You Add Indicators to the Whitelist in Palo Alto Networks Cortex XDR?

Discover the essential steps to add indicators to the whitelist in Palo Alto Networks Cortex XDR. Learn about manual entry and bulk actions for efficient threat management.

Question

Which two actions are required to add indicators to the whitelist? (Choose two.)

A. Click “New Whitelisted Indicator” in the Whitelist page.
B. Upload an external file named “whitelist” to the Whitelist page.
C. Upload an external file named “whitelist” to the Indicators page.
D. Select the indicators and click “Delete and Whitelist” in the Indicators page.

Answer

The correct answers for adding indicators to the whitelist in Palo Alto Networks Cortex XDR are:

A. Click “New Whitelisted Indicator” in the Whitelist page.
D. Select the indicators and click “Delete and Whitelist” in the Indicators page.

Explanation

1. Manual Addition (Option A):

  • This method allows you to add individual indicators to the whitelist.
  • Navigate to the Whitelist page in the Cortex XDR console.
  • Click on “New Whitelisted Indicator” to open a form where you can manually enter the indicator details.
  • This approach is useful for adding specific, known-good indicators one at a time.

2. Bulk Action from Indicators Page (Option D):

  • This method enables you to add multiple indicators to the whitelist simultaneously.
  • Go to the Indicators page in the Cortex XDR console.
  • Select one or more indicators that you want to whitelist.
  • Click on “Delete and Whitelist” to remove these indicators from the active list and add them to the whitelist.
  • This approach is efficient for managing multiple indicators at once, especially when you’ve identified false positives.

It’s important to note that options B and C are incorrect:

  • There is no specific “whitelist” file upload functionality in Cortex XDR as described in these options.
  • Indicator management is typically done through the user interface or API, not through file uploads.

Understanding these methods for adding indicators to the whitelist is crucial for effective threat management in Palo Alto Networks Cortex XDR. It allows security teams to reduce false positives and focus on genuine threats, improving the overall efficiency of the security operations.
