Abstract
You can view the BIOC or IOC rules that generated alerts directly from the Alerts table.
Notice
This functionality requires a Cortex XDR Pro license.
Easily view the BIOC or IOC rules that generated alerts directly from the Alerts table.
From the Alerts page, locate alerts with Alert Sources: XDR BIOC and XDR IOC.
Right-click the row, and select → .
Cortex XDR opens the BIOC rule that generated the alert in the BIOC Rules page. If the rule has been deleted, an empty table is displayed.
Review the rule and, if necessary, right-click to perform available actions.