https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546917#M4629 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>,</P> <P>&nbsp;</P> <P>If you're wanting to set up detection rules these keywords there are a few ways you could do it.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>You could use a custom script and interface with the API.&nbsp; Although a simpler method might just be to add these as appropriate BIOCs.</P> <P>&nbsp;</P> <P>Let me know if you like either of these ideas.</P> Thu, 22 Jun 2023 19:51:42 GMT anlynch 2023-06-22T19:51:42Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546775#M4622 <P>Hello dear community,&nbsp;</P> <P>&nbsp;</P> <P>how could this keywords be integrated into cortex xdr pro?</P> <P>&nbsp;</P> <P><A href="https://mthcht.github.io/ThreatHunting-Keywords/" target="_blank">https://mthcht.github.io/ThreatHunting-Keywords/</A></P> <P>&nbsp;</P> <P>happy hunting!</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> Wed, 21 Jun 2023 21:40:33 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546775#M4622 RFeyertag 2023-06-21T21:40:33Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546917#M4629 <P>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/190671">@RFeyertag</a>,</P> <P>&nbsp;</P> <P>If you're wanting to set up detection rules these keywords there are a few ways you could do it.&nbsp;&nbsp;</P> <P>&nbsp;</P> <P>You could use a custom script and interface with the API.&nbsp; Although a simpler method might just be to add these as appropriate BIOCs.</P> <P>&nbsp;</P> <P>Let me know if you like either of these ideas.</P> Thu, 22 Jun 2023 19:51:42 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546917#M4629 anlynch 2023-06-22T19:51:42Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546922#M4632 <P>Do you think this BIOC creation could be done by the experts from PA/Cortex XDR team?</P> <P>&nbsp;</P> <P>BR</P> <P>&nbsp;</P> <P>Rob</P> <P>&nbsp;</P> Thu, 22 Jun 2023 21:34:24 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546922#M4632 RFeyertag 2023-06-22T21:34:24Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546994#M4634 <P>I believe some of these are currently protected out of the box with Cortex XDR and it's always possible more will be added in future content updates.&nbsp; Unless you've tested and confirmed I'd suggest adding them as BIOC's as each organization has different needs.</P> Fri, 23 Jun 2023 12:19:40 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/hunting-for-keywords-how-to-do-that-in-cortex-xdr-pro/m-p/546994#M4634 anlynch 2023-06-23T12:19:40Z