In the Cortex XDR, we are getting an alert indicating Behavioral threat detected (rule: bioc.syscall.remote banker behavior). Although the file is blocked which is benign, the is no information related to the rule. Does anyone have a clear idea about the rule?
@KanwarSingh01 my apologies if I missed it, but is there a central location or notification of what the list of BTP rules looks like? What is their contents? When were they applied, etc? Perhaps I am totally missing it, but I don't know where to find that. Weather its for this particular one or ANY BTP rule (Behavioral threat detected (rule: bioc.syscall.entrypoint_patching) OR Behavioral threat detected (rule: heuristic.agb.5637) OR Behavioral threat detected (rule: accessibility_feature_escalation), etc
I mean the name has some clue to what its doing but is there insight as a Cortex XDR admin, you have of them and the BTP list looks like? What they do, when they were last changed or had updates to them?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!