Manage Global BIOC Rules
Cortex XDR – Investigation and Response periodically checks for updates to the global BIOC rules that Palo Alto Networks pushes to the app. If there are no new global BIOC rules, the app displays a content status of Content up to date next to the BIOC rules table heading. A dot to the left of the rule name indicates a global BIOC rule. You can also display the optional Source column to see which rules were pushed by Palo Alto Networks.
- Get the latest global BIOC rules.
  - Navigate to Rules > BIOC.
  - To view the content details, hover over the status to display the global rules version number and the date of the last check.
  - The content status displays the date when the content was last updated, either automatically or manually by an administrator.
  - If the status displays Could not check update, click the status to check for updates manually. The last updated date changes when the download succeeds.
- Copy a global BIOC rule. You cannot directly modify a global rule, but you can copy a global rule and use it as a template for a new rule.
- Add an exception for a global BIOC rule. Although you cannot edit global rules, you can add exceptions to them.