Behavioral indicators of compromise (BIOCs)
enable you to alert and respond to behaviors—tactics, techniques,
and procedures. Instead of hashes and other traditional indicators
of compromise, BIOC rules detect the behavior of processes, registry,
files, and network activity.
To enable you to take advantage of the latest threat research,
Cortex XDR automatically receives preconfigured rules from Palo
Alto Networks. These global rules are delivered to all tenants with
content updates. In cases where you need to override a global BIOC
rule, you can disable it or set a rule exception. You can also configure
additional BIOC rules as you investigate threats on your network
and endpoints. BIOC rules are highly customizable: you can create
a BIOC rule that is simple or quite complex.
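The following added example (not Cortex XDR code, and not its rule syntax) models the distinction the text draws between a hash-based indicator and a behavioral rule, and shows how a rule exception suppresses a match without disabling the whole rule. The event fields, host names, hashes and the "Office application spawns a command shell" predicate are all constructed for illustration.

```python
"""Toy behavior-based detection (hypothetical model, not Cortex XDR's rule engine).

Compares a classic hash IoC match with a BIOC-style rule over the same
constructed process events, and shows rule exceptions and disabling.
"""
from dataclasses import dataclass, field
from typing import Callable, List


@dataclass(frozen=True)
class ProcessEvent:
    """One process-start event as a sensor might report it (constructed schema)."""
    host: str
    parent_name: str
    process_name: str
    cmdline: str
    sha256: str  # hash of the started executable


@dataclass
class BiocRule:
    """A behavioral rule: a predicate over an event, plus optional exceptions."""
    name: str
    predicate: Callable[[ProcessEvent], bool]
    enabled: bool = True
    # Exceptions are predicates that suppress an otherwise-matching event.
    exceptions: List[Callable[[ProcessEvent], bool]] = field(default_factory=list)

    def matches(self, ev: ProcessEvent) -> bool:
        if not self.enabled or not self.predicate(ev):
            return False
        return not any(exc(ev) for exc in self.exceptions)


# Constructed sample events; the hashes are made-up placeholders.
EVENTS = [
    ProcessEvent("wks-101", "winword.exe", "powershell.exe",
                 "powershell -nop -w hidden", "aa11" * 16),
    # Same behavior, but the binary was rebuilt so its hash is unknown.
    ProcessEvent("wks-207", "winword.exe", "cmd.exe",
                 "cmd /c start launcher", "bb22" * 16),
    # Normal interactive use: a shell started from the desktop.
    ProcessEvent("wks-310", "explorer.exe", "powershell.exe",
                 "powershell", "cc33" * 16),
    # Approved document-automation server that legitimately drives Word.
    ProcessEvent("build-doc-01", "winword.exe", "cmd.exe",
                 "cmd /c export_pdf.bat", "dd44" * 16),
]

# Traditional IoC list: only the first sample's hash is "known bad".
KNOWN_BAD_HASHES = {"aa11" * 16}


def hash_ioc_hosts(events: List[ProcessEvent]) -> List[str]:
    """Hosts flagged by hash matching alone."""
    return [ev.host for ev in events if ev.sha256 in KNOWN_BAD_HASHES]


def office_spawns_shell(ev: ProcessEvent) -> bool:
    """Behavioral predicate: an Office app starting a command interpreter."""
    office = {"winword.exe", "excel.exe", "powerpnt.exe"}
    shells = {"cmd.exe", "powershell.exe"}
    return (ev.parent_name.lower() in office
            and ev.process_name.lower() in shells)


def make_rule(with_exception: bool = True) -> BiocRule:
    """Build the rule; optionally attach an exception for the approved host."""
    rule = BiocRule("office-spawns-shell", office_spawns_shell)
    if with_exception:
        rule.exceptions.append(lambda ev: ev.host == "build-doc-01")
    return rule


def bioc_hosts(events: List[ProcessEvent], rule: BiocRule) -> List[str]:
    """Hosts flagged by the behavioral rule (works on live or historical events)."""
    return [ev.host for ev in events if rule.matches(ev)]


if __name__ == "__main__":
    print("hash IoC alerts:", hash_ioc_hosts(EVENTS))
    print("BIOC alerts     :", bioc_hosts(EVENTS, make_rule()))
    print("BIOC, no exception:", bioc_hosts(EVENTS, make_rule(with_exception=False)))
```

Because `bioc_hosts` is a pure function over a list of events, the same rule can be replayed over stored historical events as well as a live feed, which is the point of evaluating rules against collected data rather than only new input.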
As soon as you create or enable a BIOC rule, the
app begins to monitor input feeds for matches. Cortex XDR also analyzes
historical data collected in the Cortex Data Lake. Whenever there
is a match, or
To further enhance the BIOC rule capabilities, you can also configure
BIOC rules as custom prevention rules and incorporate them with your
Restrictions profiles. Cortex XDR can then raise behavioral threat
prevention alerts based on your custom prevention rules in addition to
the BIOC detection alerts.