Hi Palo Alto Team and Community!
I have recently been working on Custom Prevention Rules in Restriction Profiles on Cortex XDR.
I understand that I need to create a user-defined BIOC and then attach it to a Restriction Profile for it to be a custom prevention rule, where I can set it to Block as intended.
The problem here is that there are some BIOCs that I cannot attach to a Restriction Profile, such as a BIOC with a hash or an external IP address.
Are there limitations on a user-defined BIOC for it to be attached to a Restriction Profile?
I managed to create a user-defined BIOC that I have successfully attached to a Restriction Profile (e.g. a file create and write user-defined BIOC).
Would be interesting to know the limitations.
Hey @MarvinC there are two use cases you seem to be aiming at. Let me address them individually:
1. Blocking hashes: One option is to add them to the global Block list. In this case, hope this helps:
2. Blocking IP addresses: You can use Host Firewalls (recommended and easily managed). Alternatively, use BIOCs.