When you identify a threat, you can define specific indicators
for which you want Cortex XDR to raise alerts.
You can define rules for the following types of indicators:
Behavioral indicators of compromise (BIOCs)
—Identifying threats based on their behavior can be complex, because the individual artifacts involved (binaries, addresses, file names) change from one attack to the next while the technique stays the same. As you identify
specific network, process, file, or registry activity that indicates
a threat, you create BIOCs that raise an alert whenever that behavior
is observed, regardless of which specific files or hosts are involved. See Working with BIOCs.
Indicators of compromise (IOCs)
—Known artifacts that
are considered malicious or suspicious. IOCs are static and based
on criteria such as SHA256 hashes, IP addresses and domains, file
names, and paths. You create IOC rules based on information that
you gather from various threat-intelligence feeds or that you gather
as a result of an investigation within Cortex XDR. See Working with IOCs.
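The following script, added here as an illustration and not taken from Cortex XDR or its documentation, makes the distinction between the two rule types concrete. It loads a small constructed threat-intelligence feed of static indicators (SHA256, IP, domain, file name), rejects malformed entries such as an MD5 pasted into a SHA256 field, and then runs both the static IOC set and two behavioral BIOC-style rules over constructed endpoint events. The feed format (`type,value` per line) and the event field names (`actor`, `image`, `sha256`, `cmdline`, `remote_ip`, `dns`) are this example's own assumptions, not the product's schema. Note that event 2 triggers only a behavioral rule: its PowerShell hash appears in no feed, so a static IOC could never have caught it.

```python
import re
from collections import defaultdict

# Validators for the static indicator types the text lists.  The feed format
# ("type,value" per line) is this example's own assumption, not a product format.
VALIDATORS = {
    "sha256": lambda v: re.fullmatch(r"[0-9a-f]{64}", v) is not None,
    "ip": lambda v: re.fullmatch(r"(?:\d{1,3}\.){3}\d{1,3}", v) is not None
                    and all(int(o) <= 255 for o in v.split(".")),
    "domain": lambda v: re.fullmatch(r"(?:[a-z0-9-]{1,63}\.)+[a-z]{2,}", v) is not None,
    "filename": lambda v: re.fullmatch(r'[^\\/:*?"<>|]+', v) is not None,
    "path": lambda v: "\\" in v or "/" in v,
}


def load_iocs(feed_lines):
    """Parse the feed into {type: set(values)}.  Malformed entries are returned
    separately rather than silently becoming dead rules: an MD5 pasted into a
    SHA256 field would never match anything and nobody would notice."""
    iocs, rejected = defaultdict(set), []
    for raw in feed_lines:
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        ioc_type, _, value = line.partition(",")
        # Lower-case everything so matching is case-insensitive (fine for hashes,
        # IPs, domains and Windows paths; Linux paths would need care).
        ioc_type, value = ioc_type.strip().lower(), value.strip().lower()
        if not VALIDATORS.get(ioc_type, lambda _v: False)(value):
            rejected.append(line)
            continue
        iocs[ioc_type].add(value)
    return iocs, rejected


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Behavioral rules: each looks at the relationship between fields of one event
# rather than at a known-bad value.  Constructed for this example.
BIOCS = [
    {"name": "Office app spawning PowerShell with an encoded command",
     "match": lambda e: e["actor"].lower() in OFFICE_APPS
                        and e["image"].lower() == "powershell.exe"
                        and re.search(r"(?i)\s-e(?:c|n[a-z]*)?\b", e["cmdline"]) is not None},
    {"name": "svchost.exe not launched by services.exe",
     "match": lambda e: e["image"].lower() == "svchost.exe"
                        and e["actor"].lower() != "services.exe"},
]


def evaluate(events, iocs, biocs=BIOCS):
    """Return (event_id, rule, matched_value) for every static or behavioral hit."""
    alerts = []
    for e in events:
        static_checks = (
            ("IOC:sha256", e["sha256"]), ("IOC:ip", e["remote_ip"]),
            ("IOC:domain", e["dns"]), ("IOC:filename", e["image"]),
        )
        for rule, value in static_checks:
            if value and value.lower() in iocs.get(rule.split(":")[1], ()):
                alerts.append((e["id"], rule, value))
        for rule in biocs:
            if rule["match"](e):
                alerts.append((e["id"], "BIOC:" + rule["name"], e["cmdline"]))
    return alerts


FEED = [  # constructed threat-intel feed
    "# type,value",
    "sha256," + "d" * 64,
    "ip,198.51.100.7",
    "domain,Updates.Example.NET",
    "filename,dropper.exe",
    "# the next two are deliberately malformed (an MD5, and an impossible octet)",
    "sha256,d41d8cd98f00b204e9800998ecf8427e",
    "ip,256.1.1.1",
]

EVENTS = [  # constructed endpoint events; field names are this example's own
    {"id": 1, "actor": "explorer.exe", "image": "chrome.exe", "sha256": "a" * 64,
     "cmdline": "chrome.exe", "remote_ip": "93.184.216.34", "dns": ""},
    {"id": 2, "actor": "WINWORD.EXE", "image": "powershell.exe", "sha256": "b" * 64,
     "cmdline": "powershell.exe -nop -w hidden -enc UwB0AGEAcgB0AC0AUAByAG8AYwBlAHMAcwA=",
     "remote_ip": "", "dns": ""},
    {"id": 3, "actor": "services.exe", "image": "svchost.exe", "sha256": "c" * 64,
     "cmdline": "svchost.exe -k netsvcs", "remote_ip": "198.51.100.7",
     "dns": "updates.example.net"},
    {"id": 4, "actor": "cmd.exe", "image": "dropper.exe", "sha256": "D" * 64,
     "cmdline": "dropper.exe", "remote_ip": "", "dns": ""},
    {"id": 5, "actor": "cmd.exe", "image": "svchost.exe", "sha256": "e" * 64,
     "cmdline": "svchost.exe -k evil", "remote_ip": "", "dns": ""},
]

if __name__ == "__main__":
    iocs, rejected = load_iocs(FEED)
    print("rejected feed entries:", rejected)
    for alert in evaluate(EVENTS, iocs):
        print(alert)
```

Running it reports the two rejected feed lines, then alerts for events 2 through 5 and nothing for event 1. Events 3 and 4 are caught by static IOCs (a known IP and domain, a known hash and file name); events 2 and 5 carry no known artifact at all and are caught only by the behavioral rules, which is the case the BIOC mechanism exists for.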