View generating BIOC or IOC rule

Cortex XDR Documentation

Product: Cortex XDR
Creation date: 2024-03-06
Last date published: 2024-10-01
Category: Administrator Guide
Abstract

You can view the BIOC or IOC rules that generated alerts directly from the Alerts table.

Notice

This functionality requires a Cortex XDR Pro license.

Easily view the BIOC or IOC rules that generated alerts directly from the Alerts table.

  1. From the Alerts page, locate alerts with Alert Sources: XDR BIOC and XDR IOC.

  2. Right-click the row, and select Manage Alert > View generating rule.

    Cortex XDR opens the BIOC rule that generated the alert in the BIOC Rules page. If the rule has been deleted, an empty table is displayed.

  3. Review the rule and, if necessary, right-click it to perform the available actions.