11-19-2024 05:56 AM
I want to create a BIOC rule that will close web browser (ex. chrome) when I open certain websites (ex. facebook.com and instagram.com). I'm using Network BIOC and I managed to create BIOC rule that applies only to one website (remote host) but I don't see the option where I can add multiple websites (remote hosts). Can you help me with that? Maybe there is another way to create that BIOC rule.
11-19-2024 06:46 AM
Hi @JuliaUrbanska, thanks for reaching us using the Live Community.
You can use the "in" operator to lookup in a list of strings.
Example:
dataset = xdr_data
| filter event_type = ENUM.NETWORK and action_external_hostname in ("facebook.com", "instagram.com", "linkedin.com", "x.com")
If this post answers your question, please mark it as the solution.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
