XDR Global BIOC rules


L2 Linker

Hello.

If the Restrictions profile for Windows is default, then they don't directly affect Windows endpoints. We must edit and apply them to get protection on endpoints. But in Linux it is not the same. Even if the Restriction profile is default, XDR can generate alerts based on global BIOC. I want to know why there is such a difference?

Thanks!

1 REPLY

L1 Bithead

Hey Orkan,

Not sure I completely got your question, so tell me if the following helps with understanding the flow:

The Restriction profile allows you to apply custom-made BIOCs that, upon detection, will be prevented by the agent. In case you are using the default profiles, no prevention will take place, but the detection will happen if the BIOC rule is configured in your BIOC repository (preconfigured or custom-made BIOCs).

BIOCs will trigger detection alerts regarding the fact that no prevention rule is configured in the Restriction profile. Those are 2 different capabilities that can be linked in order to enhance the prevention capabilities.

Does that answer your question?

Thanks,
