<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Cortex XDR capabilities to detect phishing attacks in Cortex XDR Discussions</title>
    <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-capabilities-to-detect-phishing-attacks/m-p/1258972#M9443</link>
    <description>&lt;P&gt;Hello everyone,&lt;/P&gt;
&lt;P&gt;Im new to Cortex XDR, can someone please tell me if there is BIOC rules or analytic rules to detect advanced phinshing attacks as AiTM,&amp;nbsp; BEC, and more...&lt;/P&gt;
&lt;P&gt;Best regard,&lt;/P&gt;</description>
    <pubDate>Tue, 14 Jul 2026 08:36:24 GMT</pubDate>
    <dc:creator>A.BELKAHLA</dc:creator>
    <dc:date>2026-07-14T08:36:24Z</dc:date>
    <item>
      <title>Cortex XDR capabilities to detect phishing attacks</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-capabilities-to-detect-phishing-attacks/m-p/1258972#M9443</link>
      <description>&lt;P&gt;Hello everyone,&lt;/P&gt;
&lt;P&gt;Im new to Cortex XDR, can someone please tell me if there is BIOC rules or analytic rules to detect advanced phinshing attacks as AiTM,&amp;nbsp; BEC, and more...&lt;/P&gt;
&lt;P&gt;Best regard,&lt;/P&gt;</description>
      <pubDate>Tue, 14 Jul 2026 08:36:24 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-capabilities-to-detect-phishing-attacks/m-p/1258972#M9443</guid>
      <dc:creator>A.BELKAHLA</dc:creator>
      <dc:date>2026-07-14T08:36:24Z</dc:date>
    </item>
    <item>
      <title>Re: Cortex XDR capabilities to detect phishing attacks</title>
      <link>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-capabilities-to-detect-phishing-attacks/m-p/1258985#M9445</link>
      <description>&lt;P&gt;Hello&amp;nbsp;&lt;a href="https://live.paloaltonetworks.com/t5/user/viewprofilepage/user-id/731754273"&gt;@A.BELKAHLA&lt;/a&gt;&amp;nbsp;,&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Greetings for the day.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-end="341" data-start="0"&gt;Cortex XDR employs a multi-layered detection strategy to identify advanced phishing attacks, including Business Email Compromise (BEC) and Adversary-in-the-Middle (AiTM) techniques. These detections are primarily handled through a combination of Behavioral Indicators of Compromise (BIOCs), Analytics BIOCs (ABIOCs), and XDR Analytics rules.&lt;/P&gt;
&lt;P data-end="341" data-start="0"&gt;&amp;nbsp;&lt;/P&gt;
&lt;P data-end="472" data-start="397"&gt;Cortex XDR uses different rule types to detect various stages of an attack:&lt;/P&gt;
&lt;UL data-is-last-node="" data-is-only-node="" data-end="1233" data-start="474"&gt;
&lt;LI data-end="801" data-start="474" data-section-id="1778lfu"&gt;&lt;STRONG data-end="500" data-start="476"&gt;XDR Analytics Rules:&lt;/STRONG&gt; Use machine learning and behavioral analytics to identify complex attacks by analyzing data over time and detecting deviations from normal behavior. These rules are particularly effective for detecting BEC by identifying anomalous user activities, such as suspicious logins or unusual mailbox access.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI data-end="1074" data-start="803" data-section-id="ln78uy"&gt;&lt;STRONG data-end="834" data-start="805"&gt;Analytics BIOCs (ABIOCs):&lt;/STRONG&gt; Detect individual events that significantly deviate from the established behavioral baseline within your environment. For example, they can trigger when an administrator performs an action that has not been observed for an extended period.&lt;BR /&gt;&lt;BR /&gt;&lt;/LI&gt;
&lt;LI data-is-last-node="" data-end="1233" data-start="1076" data-section-id="1vmlpe2"&gt;&lt;STRONG data-end="1097" data-start="1078"&gt;Standard BIOCs:&lt;/STRONG&gt; Monitor specific sequences of endpoint activity, including file, process, registry, and network events, to identify malicious behavior.&lt;/LI&gt;
&lt;/UL&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;For more information's or clarification on this, Please reach out to your &lt;STRONG&gt;Accounts team/PS team.&lt;/STRONG&gt;&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;If you feel this has answered your query, please let us know by clicking&amp;nbsp;&lt;STRONG&gt;like&amp;nbsp;&lt;/STRONG&gt;and on&amp;nbsp;&lt;STRONG&gt;"mark this as a Solution"&lt;/STRONG&gt;.&lt;/P&gt;
&lt;P&gt;&amp;nbsp;&lt;/P&gt;
&lt;P&gt;Thanks &amp;amp; Regards,&lt;BR /&gt;S. Subashkar Sekar&lt;/P&gt;</description>
      <pubDate>Tue, 14 Jul 2026 15:40:54 GMT</pubDate>
      <guid>https://live.paloaltonetworks.com/t5/cortex-xdr-discussions/cortex-xdr-capabilities-to-detect-phishing-attacks/m-p/1258985#M9445</guid>
      <dc:creator>susekar</dc:creator>
      <dc:date>2026-07-14T15:40:54Z</dc:date>
    </item>
  </channel>
</rss>

