Cortex XDR Indicators

When you identify a threat, you can define specific indicators for which you want Cortex XDR to raise alerts. You can define rules for the following types of indicators:
  • Behavioral indicators of compromise (BIOCs): Identifying threats based on their behaviors can be quite complex. As you identify specific network, process, file, or registry activity that indicates a threat, you create BIOCs that can alert you when the behavior is detected. See Working with BIOCs.
  • Indicators of compromise (IOCs): Known artifacts that are considered malicious or suspicious. IOCs are static and based on criteria such as SHA256 hashes, IP addresses and domains, file names, and paths. You create IOC rules based on information that you gather from threat-intelligence feeds or from an investigation within Cortex XDR. See Working with IOCs.
After you create an indicator rule, you can Manage Existing Indicators from Cortex XDR.
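The distinction between the two rule types is easiest to see in code. The following is an added example, not Cortex XDR code or its rule format: it models a static IOC as a typed value that is validated and normalized once (so a hash in uppercase or a domain with a trailing dot still matches exactly), and a BIOC as a predicate over observed process activity. The rule and event field names (`sha256`, `dst_ip`, `dns_query`, `file_name`, `file_path`, `process_name`, `parent_name`) and the sample events are constructed for the illustration. The last sample shows why both kinds are useful: a renamed binary still trips the SHA256 IOC, while a process that matches no known artifact is caught only by the behavioral rule.

```python
import ipaddress
import re
from dataclasses import dataclass

# Constructed for this example: the rule and event shapes below are not
# Cortex XDR formats, only an illustration of static (IOC) versus
# behavioral (BIOC) matching.

SHA256_RE = re.compile(r"[0-9a-f]{64}")
DOMAIN_RE = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")


@dataclass(frozen=True)
class IocRule:
    kind: str          # one of the static indicator types the page lists
    value: str
    note: str = ""     # e.g. which intel feed or investigation produced it


def normalize_ioc(rule: IocRule) -> IocRule:
    """Validate one IOC and put it in canonical form so matching is exact."""
    v = rule.value.strip()
    if rule.kind == "sha256":
        v = v.lower()
        if not SHA256_RE.fullmatch(v):
            raise ValueError(f"not a SHA256 hex digest: {rule.value!r}")
    elif rule.kind == "ip":
        v = str(ipaddress.ip_address(v))          # raises ValueError if malformed
    elif rule.kind == "domain":
        v = v.lower().rstrip(".")
        if not DOMAIN_RE.fullmatch(v):
            raise ValueError(f"not a domain name: {rule.value!r}")
    elif rule.kind in ("filename", "path"):
        v = v.lower().replace("\\", "/")          # Windows paths compare case-insensitively
    else:
        raise ValueError(f"unknown IOC type: {rule.kind!r}")
    return IocRule(rule.kind, v, rule.note)


def is_valid_ioc(rule: IocRule) -> bool:
    """True if the rule survives validation; used to reject bad feed entries."""
    try:
        normalize_ioc(rule)
        return True
    except ValueError:
        return False


# Which event field each IOC type is compared against (assumed field names).
IOC_FIELDS = {"sha256": "sha256", "ip": "dst_ip", "domain": "dns_query",
              "filename": "file_name", "path": "file_path"}


def match_iocs(event: dict, rules: list) -> list:
    """Return the IOC rules whose canonical value equals the event's field."""
    hits = []
    for r in rules:
        observed = event.get(IOC_FIELDS[r.kind])
        if observed is None:
            continue
        if r.kind in ("filename", "path"):
            observed = observed.lower().replace("\\", "/")
        elif r.kind == "domain":
            observed = observed.lower().rstrip(".")
        elif r.kind == "ip":
            try:
                observed = str(ipaddress.ip_address(observed))
            except ValueError:
                continue
        else:
            observed = observed.lower()
        if observed == r.value:
            hits.append(r)
    return hits


def bioc_office_spawns_shell(event: dict) -> bool:
    """Behavioral rule: an Office application launching a command interpreter."""
    office = {"winword.exe", "excel.exe", "powerpnt.exe"}
    shells = {"cmd.exe", "powershell.exe"}
    return (event.get("parent_name", "").lower() in office
            and event.get("process_name", "").lower() in shells)


BIOC_RULES = {"office_spawns_shell": bioc_office_spawns_shell}


def match_biocs(event: dict, biocs: dict = BIOC_RULES) -> list:
    """Return the names of behavioral rules whose predicate holds for the event."""
    return [name for name, pred in biocs.items() if pred(event)]


# Constructed IOC rules; the hash and domain are obvious placeholders.
IOC_RULES = [normalize_ioc(r) for r in (
    IocRule("sha256", "DEADBEEF" * 8, "dropper hash from a feed"),
    IocRule("filename", "dropper.exe"),
    IocRule("domain", "Updates.Example.net"),
    IocRule("ip", "203.0.113.7"),
    IocRule("path", "C:\\Users\\Public\\run.bat"),
)]

# Constructed telemetry events.
SAMPLE_EVENTS = [
    {"id": 1, "process_name": "svchost32.exe", "parent_name": "explorer.exe",
     "file_name": "svchost32.exe", "sha256": "DEADBEEF" * 8},   # renamed, hash unchanged
    {"id": 2, "process_name": "powershell.exe", "parent_name": "WINWORD.EXE",
     "dns_query": "Updates.Example.net."},
    {"id": 3, "process_name": "chrome.exe", "parent_name": "explorer.exe",
     "dst_ip": "203.0.113.7"},
    {"id": 4, "process_name": "cmd.exe", "parent_name": "excel.exe",
     "file_path": "C:\\Users\\Public\\Run.bat"},
]


def scan(events: list, iocs: list = IOC_RULES, biocs: dict = BIOC_RULES) -> dict:
    """Map event id -> {"ioc": [...], "bioc": [...]} for events that raise an alert."""
    alerts = {}
    for ev in events:
        ioc_hits = [f"{r.kind}:{r.value}" for r in match_iocs(ev, iocs)]
        bioc_hits = match_biocs(ev, biocs)
        if ioc_hits or bioc_hits:
            alerts[ev["id"]] = {"ioc": ioc_hits, "bioc": bioc_hits}
    return alerts


if __name__ == "__main__":
    for event_id, hit in scan(SAMPLE_EVENTS).items():
        print(event_id, hit)
```

Event 1 matches only the hash IOC because the file was renamed, which is exactly the static case the page describes; events 2 and 4 fire the behavioral rule regardless of which artifacts are present, and event 2 also fires the domain IOC once the trailing dot and case are normalized away. In a real deployment the normalization step matters as much as the matching step: an IOC feed entry that is never canonicalized is a rule that silently never fires.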