Set Up Cortex XDR – Investigation and Response

After you set up your network, cloud, and/or endpoint sensors, you can use Cortex XDR – Investigation and Response.
  1. (Optional) From the Cortex XDR – Investigation and Response app, import any known malicious indicators of compromise (IOCs) for which you want to raise an alert.
  2. (Optional) Import any known malicious behavioral indicators of compromise (BIOCs) for which you want to raise an alert.
    Palo Alto Networks automatically delivers BIOC rules defined by the Palo Alto Networks threat research team to all Cortex XDR – Investigation and Response tenants, but you can also import any additional rules, as needed.
