08-05-2024 01:29 AM
I am writing to inquire about the procedure for modifying the severity levels of BIOCs (Behavioral Indicators of Compromise) within the Analytics module of Cortex XDR. Specifically, we are looking to understand how to create or adjust a custom rule where we can manually add a BIOC and select its severity level according to our needs.
Could you please provide guidance or documentation on how to achieve this? Detailed instructions or any relevant steps to create or modify such a rule would be greatly appreciated.
08-05-2024 07:50 AM
Hi @m.seyid
When you created a BIOC rule
In Detection Rules > BIOC > Right click over BIOC rule and select edit
And here you will change the severity
08-06-2024 01:08 AM
Hi Alejandro_Hernandez,
Thank you for your response. However, what I need to change is not the BIOC itself, but the severity of the Analytics section.
I can show you this picture as an example
08-06-2024 10:56 AM
Hi @m.seyid
Checking the Analytics BIOC rules, here is not possible to modify the severity
The only way to modify is when the alert is generated and set the new severity
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
