01-23-2024 01:34 AM
Hello team,
Do Cortex XDR BIOC analytics alerts get blocked after setting Global Behavioral Threat Protection to block? Or how does Cortex XDR decide to block/detect the behavioral threat alert?
01-29-2024 04:43 AM
Hello @tejaspatil12
Thanks for reaching out on LiveCommunity!
Analytics BIOC alerts are for detect/alert purposes; they do not provide block functionality. Analytics BIOCs are not produced in real time and therefore cannot block. Please take a look at the Analytics Concepts for a better understanding of how analytics work. Essentially, it's looking at a lot of different factors after the event to determine the larger picture.
By looking into the activity that caused the alert, you may be able to find similarities you can use to create a high-fidelity BIOC, and then you can configure BIOC rules as custom prevention rules and incorporate them with your Restrictions profiles.
Please click Accept as Solution to acknowledge that the answer to your question has been provided.