Abstract
From the Cortex XSIAM management console, you can define your own rules based on behavior with the behavioral indicator of compromise (BIOC) rules.
Manage your behavioral indicator of compromise (BIOC) rules in
→ .If you are assigned a role that enables
→ privileges, you can view all user-defined and preconfigured rules for behavioral indicators of compromise (BIOCs).If you have Cortex XSIAM Analytics enabled, you can also view Analytics BIOCs (ABIOCs) on a separate page. To access this page, click Analytics BIOC Rules next to the refresh icon at the top of the page.
Each page displays fields that are relevant to the specific rule type.