IOCs provide the ability to alert on known malicious
objects on endpoints across the organization.
IOCs provide the ability to alert on
known malicious objects on endpoints across the organization. You
can load IOC lists from various threat-intelligence sources into
the Cortex XDR app or define them individually.
You can define the following types of IOCs:
Destination IP address
After you define or load IOCs, the app checks
for matches in the endpoint data collected from Cortex XDR agents.
Checks are both retroactive and ongoing: The app looks for IOC matches
in all data collected in the past and continues to evaluate new
any new data it receives in the future.
Alerts for IOCs are identified by a source type
of IOC (see Cortex XDR Alerts for more