Which statement best describes how Behavioral Threat Protection (BTP) works?
Behavioral Threat Protection (BTP) works by matching Endpoint Detection and Response (EDR) data with predefined rules. These rules are distributed by Cortex XDR based on research and analysis of malicious causality chains. When the Cortex XDR agent detects a match to a behavioral threat protection rule, it carries out the configured action, which is typically set to block the malicious activity. This method ensures that even sophisticated attacks leveraging built-in OS executables and common administration utilities are detected and mitigated effectively.
The answer should be C. See the following documentation by Palo Alto:

1) "BTP prevents sophisticated attacks that leverage built-in OS executables and common administration utilities by continuously monitoring endpoint activity for malicious causality chains"
2) "Palo Alto Networks researchers define the causality chains that are malicious and distribute those chains as behavioral threat rules. When the Cortex XDR agent detects a match to a behavioral threat protection rule, the Cortex XDR agent carries out the configured action (default is Block)."

1) https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Protection-Capabilities
2) https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Add-a-New-Malware-Security-Profile