Which type of BIOC rule is currently available in Cortex XDR?
In Cortex XDR, the types of BIOC (Behavioral Indicator of Compromise) rules include a specific category named 'Dropper.' This rule type is used to detect and respond to instances where malware or scripts are designed to deliver malicious payloads. Thus, 'Dropper' is a recognized type of BIOC rule in Cortex XDR.
D is the only correct answer. Type of BIOC rule: Collection, Credential Access, Dropper, Evasion, Execution, Evasive, Exfiltration, File Privilege Manipulation, File Type Obfuscation, Infiltration, Lateral Movement, Other, Persistence, Privilege Escalation, Reconnaissance, Tampering
Type of BIOC rule:
● Collection
● Credential Access
● Dropper
● Evasion
● Execution
● Evasive
● Exfiltration
● File Privilege Manipulation
● File Type Obfuscation
● Infiltration
● Lateral Movement
● Other
● Persistence
● Privilege Escalation
● Reconnaissance
● Tampering
https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/BIOC-Rule-Details
Option D: Dropper is the right answer. im2ca has labeled all types of BIOC rule, which can be found under: https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/BIOC-Rule-Details
Dropper
Both B & D are correct??
No, just D.