https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/creation-rules-or-policy/m-p/999959#M7644 <P><SPAN>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/451077209">@J.Lopes279044</a>&nbsp;<BR /><BR />Thanks for your query on LC!<BR /><BR />Generally if you are looking at an use case to block something in your infra using XDR there are two ways to do this</SPAN></P> <P>&nbsp;</P> <P><SPAN> 1. you may utilize the restrictions profile to block a file based on its name. use wildcard* to generally call all location.&nbsp;<BR />Ref-&nbsp;&nbsp;</SPAN><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-Restrictions-Security-Profile" target="_blank" rel="noopener" data-aura-rendered-by="210:28162;a">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-Restrictions-Security-Profile</A><SPAN> - You can test it few test endpoints initially, finetune and push to others accordingly. </SPAN></P> <P>&nbsp;</P> <P><SPAN>2. Using a custom BIOC rule and call it under restriction profile. </SPAN><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/BIOC-Rule-Details" target="_blank" rel="noopener" data-aura-rendered-by="210:28162;a">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/BIOC-Rule-Details</A><SPAN>&nbsp;<BR /><BR /></SPAN></P> <P><SPAN>Give it a like and mark as solution if this helped.<BR /><BR />Best,</SPAN></P> Thu, 02 Jan 2025 09:10:36 GMT nar 2025-01-02T09:10:36Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/creation-rules-or-policy/m-p/999951#M7643 <P>Greatings everybody</P> <P>I´d like to know how can I create rules or policy for block bitorrent and torrent.</P> <P>&nbsp;</P> Thu, 02 Jan 2025 08:34:57 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/creation-rules-or-policy/m-p/999951#M7643 J.Lopes279044 2025-01-02T08:34:57Z https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/creation-rules-or-policy/m-p/999959#M7644 <P><SPAN>Hi&nbsp;<a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/451077209">@J.Lopes279044</a>&nbsp;<BR /><BR />Thanks for your query on LC!<BR /><BR />Generally if you are looking at an use case to block something in your infra using XDR there are two ways to do this</SPAN></P> <P>&nbsp;</P> <P><SPAN> 1. you may utilize the restrictions profile to block a file based on its name. use wildcard* to generally call all location.&nbsp;<BR />Ref-&nbsp;&nbsp;</SPAN><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-Restrictions-Security-Profile" target="_blank" rel="noopener" data-aura-rendered-by="210:28162;a">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/Add-a-New-Restrictions-Security-Profile</A><SPAN> - You can test it few test endpoints initially, finetune and push to others accordingly. </SPAN></P> <P>&nbsp;</P> <P><SPAN>2. Using a custom BIOC rule and call it under restriction profile. </SPAN><A href="https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/BIOC-Rule-Details" target="_blank" rel="noopener" data-aura-rendered-by="210:28162;a">https://docs-cortex.paloaltonetworks.com/r/Cortex-XDR/Cortex-XDR-Pro-Administrator-Guide/BIOC-Rule-Details</A><SPAN>&nbsp;<BR /><BR /></SPAN></P> <P><SPAN>Give it a like and mark as solution if this helped.<BR /><BR />Best,</SPAN></P> Thu, 02 Jan 2025 09:10:36 GMT https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/creation-rules-or-policy/m-p/999959#M7644 nar 2025-01-02T09:10:36Z