* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Security Operations](https://www.paloaltonetworks.com.au/blog/security-operations/)
* [Must-Read Articles](https://www.paloaltonetworks.com.au/blog/security-operations/category/must-read-articles/)
* Cortex XDR Protections Ag...

# Cortex XDR Protections Against Malware Associated with Ukraine and Russia Cyber Activity

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcortex-xdr-protections-against-malware-associated-with-ukraine-and-russia-cyber-activity%2F)  
[](https://twitter.com/share?text=Cortex+XDR+Protections+Against+Malware+Associated+with+Ukraine+and+Russia+Cyber+Activity&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcortex-xdr-protections-against-malware-associated-with-ukraine-and-russia-cyber-activity%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2Fsecurity-operations%2Fcortex-xdr-protections-against-malware-associated-with-ukraine-and-russia-cyber-activity%2F&title=Cortex+XDR+Protections+Against+Malware+Associated+with+Ukraine+and+Russia+Cyber+Activity&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/security-operations/cortex-xdr-protections-against-malware-associated-with-ukraine-and-russia-cyber-activity/&ts=markdown)  
\[\](mailto:?subject=Cortex XDR Protections Against Malware Associated with Ukraine and Russia Cyber Activity)  
Link copied  
By [Cortex XDR Research Team](https://www.paloaltonetworks.com/blog/author/cortex/?ts=markdown "Posts by Cortex XDR Research Team")  
Mar 21, 2022  
7 minutes  
[Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown)  
[Cortex XDR](https://www.paloaltonetworks.com/blog/tag/cortex-xdr/?ts=markdown)  
[Extended Detection and Response](https://www.paloaltonetworks.com/blog/tag/extended-detection-and-response/?ts=markdown)  
[Ukraine](https://www.paloaltonetworks.com/blog/tag/ukraine/?ts=markdown)  
[XDR](https://www.paloaltonetworks.com/blog/tag/xdr/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com.au/blog/security-operations/cortex-xdr-protections-against-malware-associated-with-ukraine-and-russia-cyber-activity/?lang=ja "Switch to Japanese(日本語)")

In the wake of Ukraine-Russia related cyber activities, our customers are asking us about Cortex XDR protection and detection mechanisms in place. As of March 8, Cortex XDR blocks all publicly known attacks associated with Ukraine and Russia cyber activity. This blog post describes what has been seen to date and the Cortex XDR security measures that safeguard customers. We will continue to update this post with new information as the situation unfolds.

Cortex XDR protects customers from the following attacks and malware families linked to the Ukraine and Russia cyber activity:

* HermeticWiper (also known as Foxblade)
* HermeticWizard
* HermeticRansom (also known as SonicVote)
* IsaacWiper
* WhisperGate - Both variants
* Gamaredon
* Outsteel
* SaintBot
* CaddyWiper
* Putin ransomware
* Cyclops Blink

## **HermeticWiper, HermeticWizard and HermeticRansom**

On Feb. 23, malware referred to as [HermeticWiper](https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/#hermeticwiper) was uploaded to a public malware repository from an organization in Kyiv, Ukraine. This executable is a signed file with a valid signature from an organization named Hermetica Digital Ltd. When executed, this malware enumerates all files on a hard drive, destroys the master boot record and forces a system reboot.

HermeticWizard is a [worm](https://www.eset.com/int/about/newsroom/press-releases/research/eset-research-ukraine-hit-by-destructive-attacks-before-and-during-the-russian-invasion-with-hermet/) first observed on Feb. 23 that spreads HermeticWiper across hosts in a local network using Windows Management Instrumentation (WMI) and Server Message Block (SMB) services.

HermeticRansom is ransomware that encrypts files based on file extension. Attackers may have used it as a diversionary tactic to carry out HermeticWiper attacks.

Cortex XDR blocks HermeticWiper, HermeticWizard, and HermeticRansom with Behavioral Threat Protection, Local Analysis, and Yara rules. More specifically, Behavioral Threat Protection blocks HermeticWiper by detecting dropper activity, blocking the revoker Hermetica Digital certificate and blocking malicious attempts to overwrite a host's drive partition.

## **IsaacWiper**

Another wiper, referred to as IsaacWiper, was discovered in a Ukrainian government organization on Feb. 24, 2022. Designed for Windows endpoints, it is simpler than HermeticWiper and it does not include an Authenticode signature or use benign drivers for partition corruption.

Cortex XDR prevents IsaacWiper attacks with endpoint protection rules designed explicitly to stop IsaacWiper. Cortex XDR also blocks RemCom, a remote access tool sometimes deployed along with IsaacWiper, with a greyware verdict through its native integration with WildFire cloud-based malware prevention service.

## WhisperGate

The Ukrainian government and other Ukrainian organizations were targeted with destructive malware, called [WhisperGate](https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/), in January. WhisperGate is computer network attack (CNA) malware that attempts to delete Microsoft Windows Defender and corrupt files on the target. It consists of two samples: One appears as ransomware while the other is a beaconing implant used to deliver an in-memory Microsoft Intermediate Language (MSIL) payload. The in-memory code uses legitimate applications and utilities already installed on endpoints to evade detection and it will not detonate when it detects certain monitoring and security tools.

Cortex XDR prevents this malware family from executing using AI-based local analysis, Behavioral Threat Protection, master boot record protection module, and the ransomware protection module.

## Gamaredon Attack Samples

[Gamaredon](https://unit42.paloaltonetworks.com/tag/gamaredon/) (aka Primitive Bear), is one of the most active advanced persistent threats targeting Ukraine. For nearly a decade, the Gamaredon group has launched attack campaigns against Ukrainian government officials and organizations. On Nov. 4, 2021, the Security Service of Ukraine (SSU) [publicly attributed](https://www.bleepingcomputer.com/news/security/ukraine-links-members-of-gamaredon-hacker-group-to-russian-fsb/) the leadership of the group to five Russian Federal Security Service (FSB) officers assigned to posts in Crimea and released an updated [technical report](https://ssu.gov.ua/uploads/files/DKIB/Technical%20report%20Armagedon.pdf) documenting the tools and tradecraft of this group.

Cortex XDR protects against the various malware used by Gamaredon through Behavioral Threat Protection and local analysis. In addition, Cortex XDR detects adversary tactics and techniques associated with Gamaredon.

## Outsteel

[Unit 42 observed](https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/) an attack targeting an energy organization in Ukraine using the OutSteel tool on Feb. 1, 2022. [CERT-UA publicly attributed the attack](https://cert.gov.ua/article/18419) to a UAC-0056 threat group.

The OutSteel tool is a simple document stealer. It searches for potentially sensitive documents based on their file type and exfiltrates files to a remote server. Analysis by Unit 42 suggests that the threat group may be collecting data on Ukraine government organizations and companies involved with critical infrastructure.

Cortex XDR blocks OutSteel malware through its seamless integration with WildFire and with Behavioral Threat Protection.

## **SaintBot**

The threat group behind OutSteel delivered it along with [SaintBot](https://unit42.paloaltonetworks.com/ukraine-targeted-outsteel-saintbot/), a malicious downloader, in a phishing email sent to an employee at an energy organization. SaintBot allows threat actors to download and run additional tools on the infected system. SaintBot provides persistent access to a targeted system while granting the ability to further their attack.

Cortex XDR Blocks SaintBot with Behavioral Threat Protection. In addition, it can detect unusual activities such as process queue APC (Asynchronous Procedure Call) injection and uncommon local scheduled task creation with Analytics BIOC alerts.

## **CaddyWiper**

CaddyWiper, [discovered](https://www.welivesecurity.com/2022/03/15/caddywiper-new-wiper-malware-discovered-ukraine/) on March 14, destroys user data and partition information from attached drives, including network mapped drives. The CaddyWiper software first checks to see if the system is a domain controller before wiping files. If the system is not a domain controller, then CaddyWiper will overwrite files and then destroy the partition tables.

Cortex XDR blocks CaddyWiper with WildFire, Yara rules, and [anti-ransomware module](https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-concepts/endpoint-protection-modules.html), a security engine that detects and stops unauthorized changes---in this case file overwrites---to legitimate files.

## **Putin Ransomware**

First observed in Poland by [MalwareHunterTeam](https://twitter.com/malwrhunterteam/status/1502650989081415689), this ransomware encrypts files and appends the file extension ".putinwillburninhell" and then attempts to encrypt files The ransomware also creates a ransom note that displays a message about the current crisis in Ukraine, but the ransom note does not attempt to collect payments.

Cortex XDR blocks the ransomware with WildFire, Behavioral Threat Protection, and Yara rules.

## **Cyclops Blink**

Cybersecurity agencies in the U.S. and U.K. published a security advisory about new malware, called Cyclops Blink, associated with the [Sandworm](https://unit42.paloaltonetworks.com/super-tuesday-patch-tuesday-wont-forget/) threat actor group. The malware targets Linux-based network devices, and appears to be a replacement for the VPNFilter malware discovered in 2018.

Multiple agencies including the [National Security Agency](https://media.defense.gov/2022/Feb/23/2002943421/-1/-1/0/CSA_NEW_SANDWORM_MALWARE_CYCLOPS_BLINK_REPLACES_VPNFILTER_20220223.PDF) have attributed Sandworm to Russian GRU military intelligence service and linked it to the BlackEnergy and NotPetya attacks, which also targeted Ukrainian organizations.

Cortex XDR detects Cyclops Blink malware using WildFire cloud-based malware prevention service. However, since the malware is built for 32-bit PowerPC computer architectures, it would not execute or cause damage to Linux endpoints with the Cortex XDR agent.

## **Cortex XDR in Customer Environments**

Over the past few weeks, customers have contacted us to report their experiences testing or defending against recent attacks, and informing us that Cortex XDR successfully protected them against attacks, including wiper malware samples.

The Cortex XDR agent offers [proven protection](https://www.paloaltonetworks.com/blog/2022/01/active-prevention-in-av-comparative-epr/) in AV-Comparative EPR testing with a multi-method protection approach that includes: technique-based exploit prevention, global threat intelligence, AI-driven local analysis, Behavioral Threat Protection, integration with WildFire malware prevention, anti-ransomware protection, and more. Cortex XDR also provides leading protection against advanced persistent threat groups such as APT 29 (also known as Cozy Bear), as demonstrated in the [MITRE ATT\&CK round 2 evaluation](https://www.paloaltonetworks.com/blog/2020/04/cortex-mitre/).

The Cortex XDR Behavioral Threat Protection and AI-driven local analysis capabilities block the vast majority of attacks linked to Russia and Ukraine cyber activity because they detect malware behavior by using behavioral rules and machine learning models that examine thousands of file characteristics together. They also provide stronger resistance to evasion techniques than signature or hash or other IOC-based detection when adversaries modify how the malware is delivered by recompiling the samples, changing the filenames, how it's packaged, or other simple changes. As a result, Cortex XDR provides more resilient protection against these attacks as they evolve.

See our technical documentation to learn more about these and the rest of Cortex XDR's [multi-method protection capabilities](https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/endpoint-security/endpoint-security-concepts/about-cortex-xdr-protection.html). We will also discuss our latest protections against malware families like HermeticWiper in our [Cortex XDR 3.2 customer webinar](https://register.paloaltonetworks.com/cortexxdr32-putthreatsonicewithcoldstorage) on March 15.

## **Conclusion**

For Palo Alto Networks, our number one goal is to keep customers protected with the best technology and research. The Cortex XDR research team has collaborated with the Unit 42 threat research team to gather, analyze and share up-to-date intelligence about Ukraine and Russia. Both Cortex XDR researchers and our Unit 42 intel experts are monitoring the latest information from across our global network of threat intelligence and telemetry. We will continue to monitor the latest international cybersecurity activities to ensure our products and services provide our customers with the best protection available.

### References:

[https://unit42.paloaltonetworks.com/preparing-for-cyber-impact-russia-ukraine-crisis/](https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/)  
[https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/](https://unit42.paloaltonetworks.com/gamaredon-primitive-bear-ukraine-update-2021/)  
[https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/](https://unit42.paloaltonetworks.com/ukraine-cyber-conflict-cve-2021-32648-whispergate/)  
[https://www.paloaltonetworks.com/russia-ukraine-cyber-resources](https://www.paloaltonetworks.com/russia-ukraine-cyber-resources)  
[https://register.paloaltonetworks.com/unit42briefingrussiaukraine](https://register.paloaltonetworks.com/unit42briefingrussiaukraine)

*** ** * ** ***

## Related Blogs

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown)

[#### XDR for Dummies Guide is Out!](https://www.paloaltonetworks.com.au/blog/security-operations/xdr-for-dummies-guide-is-out/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Prioritizing Impact: A Practical Framework for XDR Success](https://www.paloaltonetworks.com.au/blog/security-operations/prioritizing-impact-a-practical-framework-for-xdr-success/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Stop Alert Fatigue: Fine-Tune Cortex XDR Analytics for Zero-Noise Security](https://www.paloaltonetworks.com.au/blog/security-operations/stop-alert-fatigue-fine-tune-cortex-xdr-analytics-for-zero-noise-security/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Introducing Malicious LDAP Query Protection for Cortex ITDR](https://www.paloaltonetworks.com.au/blog/security-operations/introducing-malicious-ldap-query-protection-for-cortex-itdr/)

### [AI and Cybersecurity](https://www.paloaltonetworks.com/blog/security-operations/category/ai-and-cybersecurity/?ts=markdown), [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [News and Events](https://www.paloaltonetworks.com/blog/security-operations/category/news-and-events/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown), [Use-Cases](https://www.paloaltonetworks.com/blog/security-operations/category/use-cases/?ts=markdown)

[#### From Silos to Synergy: How Cortex XDL Transforms XDR to Elevate Threat Detection](https://www.paloaltonetworks.com.au/blog/security-operations/from-silos-to-synergy-how-cortex-xdl-transforms-xdr-to-elevate-threat-detection/)

### [Must-Read Articles](https://www.paloaltonetworks.com/blog/security-operations/category/must-read-articles/?ts=markdown), [Product Features](https://www.paloaltonetworks.com/blog/security-operations/category/product-features/?ts=markdown)

[#### Think You Have Visibility? Think Again.](https://www.paloaltonetworks.com.au/blog/security-operations/think-you-have-visibility-think-again/)

### Subscribe to Security Operations Blogs!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language