This website uses Cookies. By clicking Accept, you agree to the storing of cookies on your device to enhance your community and translation experience. Read our Privacy Policy.
Click Preferences to customize your cookie settings.
Accept
Reject
Preferences

IOC Function

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

IOC Function

Muhammad-Rusli
L1 Bithead

‎08-19-2021 07:03 PM

Hi Everyone,

 

Until now, I cant understood a function from IOC in Cortex XDR.

Could please share to me what's a main function IOC XDR?

Because I have tried to create new rules, for block link m.facebook , like a picture.

 

MuhammadRusli_0-1629424930850.png

 

But, after that I have tried to access again, and the result I keep can access the URL.

0 Likes Likes
1 REPLY 1

WSeldenIII
L3 Networker

‎08-20-2021 07:41 AM

Hi @Muhammad-Rusli,  XDR Indicator rules (E.g. BIOC and IOC) are detection rules; therefore, they do not include prevention functionality. These rules will create a detection alert once the criteria has been met. You could also create a BIOC rule based on specific behavior and add that BIOC to a Restriction profile. The situation that you described sounds like a use-case to manage external dynamic lists.  Please note, there are some requirements that need to be met in order to leverage this feature: 

 

To maintain an EDL in Cortex XDR, you must meet the following requirements:
  • Cortex XDR Pro per TB or Cortex Pro per Endpoint license
  • An App Administrator, Privileged Investigator, or Privileged Security Admin role which include EDL permissions
  • Palo Alto Networks firewall running PAN-OS 9.0 or a later release
  • Access to your Palo Alto Networks firewall configuration
  • 2284 Views
  • 1 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!

LEGAL NOTICES
RESOURCES
Khoros awards 2022
Copyright 2007 - 2024 - Palo Alto Networks