In the Cortex XDR, we are getting an alert indicating Behavioral threat detected (rule: bioc.syscall.remote banker behavior). Although the file is blocked which is benign, the is no information related to the rule. Does anyone have a clear idea about the rule?
We would recommend you to open up a support case with palo alto where you will have to submit the alert data for them to investigate.
The rule which you have mentioned alone does not signify much as this is a friendly name to one of the rule set in EDR.
I have already opened the case with them and they confirmed my case as a FP but the issue is that there is no explanation about it. As long as there is no explanation, it cannot be decide whether the alert is a FP or a real threat.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!