Exam PCDRA
Question 9

Which type of IOC can you define in Cortex XDR?

    Correct Answer: C

    In Cortex XDR, an Indicator of Compromise (IOC) can be defined using various static artifacts that are considered malicious or suspicious. One such type of IOC is the full path, which helps identify potentially harmful files based on their location in the file system. Full path is among the criteria listed for defining IOCs.

Discussion
Karreldanam (Option: C)

5.1.1 Explain the purpose and use of the IOC technique

Indicators of compromise (IOCs) are the artifacts that are considered malicious or suspicious. IOCs are static and based on criteria such as:

● Full path
● File name
● Domain
● Destination IP address
● MD5 hash
● SHA-256

Chiquitabandita (Option: C)

ii. TYPE indicates the type of indicators, such as Full Path, File Name, Domain, and Hash.