XDR Global BIOC rules

OrkanAlibayli — Fri, 07 May 2021 13:02:40 GMT

Hello.

If Restrictions profile for Windows is default then they don`t directly affect windows endpoints. We must edit and and apply them for getting protection in endpoints. But in Linux it is not same. Even if Restriction profile is default, XDR can generate alert base on global BIOC. I want to know why there are such difference?

Thanks!

Re: XDR Global BIOC rules

mabutbul — Tue, 11 May 2021 09:09:20 GMT

Hey Orkan,

Not sure I completely got your question so tell if the following helps with understanding the flow:

Restriction profile allows you to apply custom made BIOC's that upon detection will be prevented by the agent, in case you are using the default profiles then no prevention will take place but the detection will happen if the BIOC rule is configured in your BIOC repository (preconfigured or custom made BIOCs).

BIOC's will trigger detection alerts regarding the fact that no prevention rule configured in the restriction profile, those are 2 different capabilities that can be linked in order to enhance the prevention capabilities.

is that answer you question?

thanks,

topic XDR Global BIOC rules in Cortex XDR Discussions

XDR Global BIOC rules

Re: XDR Global BIOC rules