Best way to exclude legitimate behaviours
When it comes to excluding legitimate behaviours from BIOC rules, as far as I can see, there are 3 options:
- Modify the BIOC rule itself adding "not equal to" logic.
- Add BIOC rule exclusion at https://<organisation>.xdr.eu.paloaltonetworks.com/rules/exc