Cortex XDR - PrintNightmare Detection and Response
The playbook targets specific PrintNightmare rules written by Cortex XDR for both vulnerabilities: [CVE-2021-1675 LPE](https://nvd.nist.gov/vuln/detail/CVE-2021-1675) [CVE-2021-34527 RCE](https://nvd.nist.gov/vuln/detail/CVE-2021-34527) This playbook includes the following tasks: - Containment of files, endpoints, users and IP Addresses - Enrichment of indicators - Data acquisition of system info and files using Cortex XDR - Eradicating compromised user credentials ** Note: This is a beta playbook, which lets you implement and test pre-release software. Since the playbook is beta, it might contain bugs. Updates to the pack during the beta phase might include non-backward compatible features. We appreciate your feedback on the quality and usability of the pack to help us identify issues, fix them, and continually improve.
Cortex XDR by Palo Alto Networks · 36 tasks · 5 inputs · 0 outputs
Inputs
IsolateEndpointAutomatically— Whether to isolate the endpoint automaticallyDisableAccountAutomatically— Whether to disable the account automaticallyBlockIPAutomatically— Whether to block the IP Address automaticallyEnrichAutomatically— Whether to run indicators auto enrichment automaticallyUserVerification— Possible values: True/False. Whether to provide user verification for blocking IPs. False - No prompt will be displayed to the user. True - The server will ask the user for blocking verification and will display the blocking list.
Commands used
ad-disable-account
enrichIndicators
xdr-get-incident-extra-data