topic BIOC - Powershell Script Based Alert Detection in Cortex XDR Discussions https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-powershell-script-based-alert-detection/m-p/481787#M1902 <P>We know that Cortex has the ability to use AMSI but is any one able to achieve a BIOC rule which can trigger an alert for the content inside the script.</P><P>&nbsp;</P><P>Lets say if a Powershell script which is being run has certain parameters in the body such as "replace","Download","Invoke-WebRequest" etc...</P><P>&nbsp;</P><P>Is it possible to create a BIOC rule for the content inside in the script?</P><P>&nbsp;</P><P>Thanks in Advance.</P> Thu, 21 Apr 2022 23:13:55 GMT KanwarSingh01 2022-04-21T23:13:55Z BIOC - Powershell Script Based Alert Detection https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-powershell-script-based-alert-detection/m-p/481787#M1902 <P>We know that Cortex has the ability to use AMSI but is any one able to achieve a BIOC rule which can trigger an alert for the content inside the script.</P><P>&nbsp;</P><P>Lets say if a Powershell script which is being run has certain parameters in the body such as "replace","Download","Invoke-WebRequest" etc...</P><P>&nbsp;</P><P>Is it possible to create a BIOC rule for the content inside in the script?</P><P>&nbsp;</P><P>Thanks in Advance.</P> Thu, 21 Apr 2022 23:13:55 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-powershell-script-based-alert-detection/m-p/481787#M1902 KanwarSingh01 2022-04-21T23:13:55Z Re: BIOC - Powershell Script Based Alert Detection https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-powershell-script-based-alert-detection/m-p/502857#M2179 <P>Hi&nbsp;KanwarSingh01,</P><P>&nbsp;</P><P><SPAN>The Cortex XDR Agent features Behavioral Threat Protection modules leveraging the Anti-Malware Scan Interface (AMSI) to block PowerShell scripts.</SPAN></P><P>&nbsp;</P><P>To create a BIOC rule, please check out Live Community How-to video&nbsp;<A href="https://live.paloaltonetworks.com/t5/cortex-xdr-how-to-videos/script-block-query-and-bioc/ta-p/347277" target="_blank">Script Block Query and BIOC | Palo Alto Networks</A></P><P>&nbsp;</P><P>Thanks</P> Fri, 10 Jun 2022 21:01:47 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/bioc-powershell-script-based-alert-detection/m-p/502857#M2179 jtalton 2022-06-10T21:01:47Z