Manage Global BIOC Rules

From the Cortex® XDR™ management console you can update and copy BIOC rules, and add rule exceptions.
Cortex XDR checks for the latest update of global BIOC rules. If there are no new global BIOC rules, the app displays a content status of Content up to date next to the BIOC rules table heading. A dot to the left of the rule name indicates a global BIOC rule.
You can also view the optional Source field to see which rules are pushed by Palo Alto Networks.
  • Get the latest global BIOC rules.
    1. Navigate to Detection & Threat Intel > Detection Rules > BIOC.
    2. To view the content details, hover over the status Content up to date to show the global rules version number and last check date.
      The content status displays the date when the content was last updated, either automatically or manually by an administrator.
    3. If the status displays Could not check update, click the status to check for updates manually.
      The last updated date changes when the download is successful.
  • You cannot directly modify a global rule, but you can copy global rules as a template to create new rules.
    1. Locate a Palo Alto Networks Source type rule, right-click and select Save as New.
    2. Select OK to save the rule.
      The rule appears in the BIOC Rules table as a user-defined Source type rule which you can edit.
  • Although you cannot edit global rules, you can add exceptions to the rule, if needed.
