When creating a BIOC rule, which XQL query can be used?

PCDRA 0 Comments

When creating a BIOC rule, which XQL query can be used?
A . dataset = xdr_data
| filterevent_sub_type = PROCESS_START and
action_process_image_name ~= ".*?.(?:pdf|docx).exe"
B . dataset = xdr_data
| filter event_type = PROCESS and
event_sub_type = PROCESS_START and
action_process_image_name ~= ".*?.(?:pdf|docx).exe"
C . dataset = xdr_data
| filter action_process_image_name ~= ".*?.(?:pdf|docx).exe"
| fields action_process_image
D . dataset = xdr_data
| filter event_behavior = true
event_sub_type = PROCESS_START and
action_process_image_name ~=".*?.(?:pdf|docx).exe"

Answer: B

Explanation:

Reference: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/investigation-and-response/cortex-xdr-indicators/working-with-biocs/create-a-bioc-rule.html

Latest PCDRA Dumps Valid Version with 60 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download PCDRA PDF     PCDRA Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments