Abstract
From the Cortex XDR management console, you can define your own rules based on behavior with the behavioral indicator of compromise (BIOC) rules.
Notice
Managing IOCs requires a Cortex XDR Pro license.
Manage your behavioral indicator of compromise (BIOC) rules in
→ .If you are assigned a role that enables
→ privileges, you can view all user-defined and preconfigured rules for behavioral indicators of compromise (BIOCs).If you have Cortex XDR Analytics enabled, you can also view Analytics BIOCs (ABIOCs) on a separate page. To access this page, click Analytics BIOC Rules next to the refresh icon at the top of the page.
Each page displays fields that are relevant to the specific rule type.