Custom IOA rules are defined using which syntax?
Custom IOA (Indicator of Attack) rules are defined using Regex syntax. A regex, or regular expression, is a sequence of characters that defines a search pattern, commonly used for string matching within text. This allows for the specific and complex pattern matching necessary for defining security rules and detections accurately.
B is wrong! The correct answer is D - Regex. Verified on Falcon console.
From Documentation - Detection and Prevention Policies "The four different rule types provide unique detection parameters that can be configured using supported regex syntax in their fields."
Glob is the correct one. Answer is A
Regex syntax is used
From Documentation --> Detection and Prevention Policies "The four different rule types provide unique detection parameters that can be configured using supported regex syntax in their fields." Right answer: D - Regex.
D - regex
I believe ML uses Glob, but IOA uses Regex. D.
When creating an IOA it's providing you with this link: Custom Intelligence via Indicator of Attack Regex guidelines https://falcon.crowdstrike.com/documentation/68/detection-and-prevention-policies#regex
D Regex. ML is Glob. IOA is Regex
D - Regex, checked in UI under Endpoint Security > Configure > Custom IOA Rule Groups. Use REGEX.
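To make the regex-versus-glob point from the answer and the comments above concrete, here is an added example (not CrowdStrike code and not taken from the Falcon documentation) that evaluates rule patterns against constructed process events. It assumes a rule field is matched with a case-insensitive regex search, that an ML-exclusion-style glob is matched with `fnmatch` semantics, and uses made-up rule names and sample events; the point it shows is that an unescaped `.` in a regex rule matches any character, while the same pattern written as a glob treats the dot literally.

```python
import fnmatch
import re

# Constructed sample process events (not real telemetry), shaped like the
# fields a detection rule would be evaluated against.
SAMPLE_EVENTS = [
    {"image": r"C:\Windows\System32\cmd.exe", "cmdline": "cmd.exe /c whoami"},
    # A look-alike name: an unescaped '.' in a regex rule also matches this.
    {"image": r"C:\Windows\System32\cmdXexe", "cmdline": "cmdXexe /c whoami"},
    {"image": r"C:\Program Files\App\updater.exe", "cmdline": "updater.exe --check"},
]

# Hypothetical rules in the spirit of a custom IOA rule group: a name, the
# event field to inspect, and a regex pattern for that field.
RULES = [
    {"name": "cmd-whoami-loose", "field": "cmdline", "pattern": r"cmd.exe /c whoami"},
    {"name": "cmd-whoami-strict", "field": "cmdline", "pattern": r"cmd\.exe /c whoami"},
]


def validate_rule(pattern):
    """Return None if the pattern compiles, else the regex error message.

    This is the check you want before saving a rule: a typo such as an
    unbalanced parenthesis would otherwise silently break the detection.
    """
    try:
        re.compile(pattern)
    except re.error as exc:
        return str(exc)
    return None


def regex_matches(pattern, value):
    """Assumption: a rule field is a case-insensitive regex *search* on the value."""
    return re.search(pattern, value, re.IGNORECASE) is not None


def glob_matches(glob_pattern, value):
    """Glob semantics (as used by ML exclusions): '*' and '?' are the only
    wildcards, and '.' is a literal character. fnmatchcase keeps matching
    case-sensitive regardless of the host OS."""
    return fnmatch.fnmatchcase(value, glob_pattern)


def glob_to_regex(glob_pattern):
    """Show what the equivalent regex looks like: fnmatch.translate escapes the
    dot, which is exactly what a hand-written regex rule must also do."""
    return fnmatch.translate(glob_pattern)


def evaluate_rules(rules, events):
    """Return (rule name, event index) for every rule/event pair that matches."""
    hits = []
    for rule in rules:
        for idx, event in enumerate(events):
            if regex_matches(rule["pattern"], event[rule["field"]]):
                hits.append((rule["name"], idx))
    return hits


if __name__ == "__main__":
    for rule in RULES:
        err = validate_rule(rule["pattern"])
        print(f"{rule['name']}: {'ok' if err is None else 'INVALID: ' + err}")
    for name, idx in evaluate_rules(RULES, SAMPLE_EVENTS):
        print(f"{name} matched event {idx}: {SAMPLE_EVENTS[idx]['cmdline']}")
    print("glob as regex:", glob_to_regex(r"*\cmd.exe"))
```

Running it shows the loose rule firing on both `cmd.exe` and the look-alike `cmdXexe`, while the escaped rule fires only on the real binary; the glob form of the same path matches only the literal `cmd.exe` without any escaping, which is why the two rule families have different syntax.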