This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Cookie Policy. Click Preferences to customize your cookie settings.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- LIVEcommunity
- Discussions
- Security Operations
- Cortex XDR Discussions
- Who rated this post
Who rated this post
Options
- Mark as New
- Subscribe to RSS Feed
- Permalink
05-12-2022 07:25 AM
We created a bioc using a reg key
Seems to work
preset = xdr_registry
| filter (action_registry_key_name contains "HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\USBSTOR\Enum" and event_sub_type = REGISTRY_CREATE_KEY)
LEGAL NOTICES
Copyright 2007 - 2023 - Palo Alto Networks