Manage Global BIOC Rules

Update and copy BIOC rules, and add rule exceptions for the Cortex XDR app.
Cortex XDR checks for the latest update of global BIOC rules. If there are no new global BIOC rules, the app displays a content status of
Contentup to date
next to the BIOC rules table heading. A dot to the left of the rule name indicates a global BIOC rule. You can also view the optional
Source
column to see which rules are pushed by Palo Alto Networks.
  • Get the latest global BIOC rules.
    1. Navigate to
      Rules
      BIOC
      .
    2. To view the content details, hover over the status to show the global rules version number and last check date.
      global-bioc-current.png
    3. The content status displays the date when the content was last updated, either automatically or manually by an administrator.
      bioc-last-update.png
    4. If the status displays
      Could not check update
      , click the status to check for updates manually.
      The last updated date changes when the download is successful.
  • You cannot directly modify a global rule, but you can copy global rules as a template to create new rules.
    1. Locate a Palo Alto Networks
      Source
      type rule, right-click and select
      Save as New
      .
    2. Review and modify the BIOC properties as needed.
    3. Select
      OK
      to save the rule.
      The rule appears in the BIOC Rules table as a user-defined
      Source
      type rule which you can edit.
  • Although you cannot edit global rules, you can add exceptions to the rule.

Recommended For You