When you identify a threat, you can define specific rules
for which you want Cortex® XDR™ to raise alerts.
You can define the following rules:
Behavioral indicators of compromise (BIOCs)—Identifying
threats based on their behaviors can be quite complex. As you identify
specific network, process, file, or registry activity that indicates
a threat, you create BIOCs that can alert you when the behavior
is detected. See Working with BIOCs. If you
Indicators of compromise (IOCs)—Known artifacts that
are considered malicious or suspicious. IOCs are static and based
on criteria such as SHA256 hashes, IP addresses and domains, file
names, and paths. You create IOC rules based on information that
you gather from various threat-intelligence feeds or that you gather
as a result of an investigation within Cortex XDR. See Working with IOCs.
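The IOC types listed above are static values, so matching comes down to canonicalizing each observed artifact before comparing it. The following is an added example (not Cortex XDR code) that evaluates a constructed endpoint event against a constructed IOC set; the hash, address, domain, and path values are placeholders, and the domain rule is assumed to cover subdomains as well.

```python
from ipaddress import ip_address
from pathlib import PureWindowsPath

# Static IOC set, grouped by the artifact types the page lists.
# All values are constructed placeholders for this example, not real indicators.
IOC_RULES = {
    "sha256": {"0" * 63 + "a"},                 # constructed hash
    "ip": {"192.0.2.10"},                       # TEST-NET-1 address
    "domain": {"bad.example"},                  # reserved example TLD
    "filename": {"dropper.exe"},
    "path": {r"C:\Users\Public\dropper.exe"},
}

def normalize(kind, value):
    """Canonicalize an observed artifact so a static comparison is exact."""
    value = value.strip()
    if kind == "sha256":
        return value.lower()                    # hashes are case-insensitive hex
    if kind == "ip":
        return str(ip_address(value))           # canonical text form (IPv4 or IPv6)
    if kind == "domain":
        return value.rstrip(".").lower()        # drop trailing dot, ignore case
    if kind == "filename":
        return value.lower()
    if kind == "path":
        return str(PureWindowsPath(value)).lower()  # normalize separators and case
    return None                                 # artifact type not covered by IOCs

def ioc_matches(kind, value, rules=IOC_RULES):
    """Return the matching indicator, or None. Domains also match subdomains."""
    observed = normalize(kind, value)
    if observed is None:
        return None
    known = {normalize(kind, r) for r in rules.get(kind, ())}
    if kind == "domain":
        for d in known:
            if observed == d or observed.endswith("." + d):
                return d
        return None
    return observed if observed in known else None

def evaluate_event(event, rules=IOC_RULES):
    """Check every artifact in an event record; return a list of (kind, indicator)."""
    hits = []
    for kind, value in event.items():
        match = ioc_matches(kind, value, rules)
        if match is not None:
            hits.append((kind, match))
    return hits

# Constructed sample event: mixed case and a trailing dot would defeat a naive string compare.
SAMPLE_EVENT = {"sha256": "0" * 63 + "A", "domain": "cdn.bad.example.",
                "path": r"c:\users\public\DROPPER.EXE", "ip": "192.0.2.11"}
```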
Correlation Rules—Enable you to analyze correlations of multi-events from multiple sources by
using the Cortex XDR XQL-based engine for creating scheduled rules
called Correlations Rules. See Working with Correlation Rules.