IOCs provide the ability to alert on known malicious objects on endpoints across the organization. You can load IOC lists from various threat-intelligence sources into the

Cortex

XDR

app or define them individually.

You can define the following types of IOCs:

After you define or load IOCs, the app checks for matches in the endpoint data collected from

Cortex

XDR

agents. Checks are both retroactive and ongoing: The app looks for IOC matches in all data collected in the past and continues to evaluate new any new data it receives in the future.

Alerts for IOCs are identified by a source type of IOC (see Cortex XDR Alerts for more information).