Which Type of IOC can you define in Cortex XDR?

A. destination port
B. e-mail address
C. full path
D. App-ID

Answer: C

Explanation:

Cortex XDR allows you to define IOCs based on several criteria: file hashes, registry keys, IP addresses, domain names, and full paths. A full path IOC is the specific location of a file or folder on an endpoint, such as C:\Windows\System32\calc.exe. You can use full path IOCs to detect and respond to malicious files or folders that reside in known locations on your endpoints [1][2].

Let’s briefly discuss the other options to provide a comprehensive explanation:

A) destination port: This is not the correct answer. Destination port is not a type of IOC that you can define in Cortex XDR. A destination port is a network attribute that indicates the port number to which a packet is sent. Cortex XDR does not support defining IOCs based on destination ports, but you can use XQL queries to filter network events by destination port [3].

B) e-mail address: This is not the correct answer. E-mail address is not a type of IOC that you can define in Cortex XDR. An e-mail address is an identifier used to send and receive e-mail. Cortex XDR does not support defining IOCs based on e-mail addresses, but you can use the Cortex XDR – IOC integration with Cortex XSOAR to ingest IOCs from various sources, including e-mail addresses [4].

D) App-ID: This is not the correct answer. App-ID is not a type of IOC that you can define in Cortex XDR. App-ID is a feature of Palo Alto Networks firewalls that identifies and controls applications on the network. Cortex XDR does not support defining IOCs based on App-IDs, but you can use the Cortex XDR Analytics app to create custom rules that use App-IDs as part of the rule logic [5].

In conclusion, full path is the type of IOC that you can define in Cortex XDR. By using full path IOCs, you can enhance your detection and response capabilities and protect your endpoints from malicious files or folders.
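As an added illustration (not code from Cortex XDR or Palo Alto Networks), the following pre-check sorts a raw indicator feed into the IOC types the explanation above lists as definable (hash, registry key, IP address, domain, full path) and flags values of the kinds the wrong answers name (destination port, e-mail address, application name) before anyone tries to load them as IOC rules. The accepted hash lengths (MD5/SHA-1/SHA-256), the path and domain patterns, and the registry hive prefixes are this example's own assumptions, not the product's validation rules.

```python
import ipaddress
import re

# IOC types the explanation lists as definable in Cortex XDR.
SUPPORTED_TYPES = ("hash", "registry_key", "ip", "domain", "full_path")

# Assumed hash formats: MD5 (32), SHA-1 (40) or SHA-256 (64) hex characters.
_HASH_RE = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
# Assumed full-path shapes: drive-letter Windows path or absolute POSIX path.
_WIN_PATH_RE = re.compile(r'^[A-Za-z]:\\(?:[^\\/:*?"<>|\r\n]+\\)*[^\\/:*?"<>|\r\n]*$')
_POSIX_PATH_RE = re.compile(r"^/(?:[^/\0]+/)*[^/\0]*$")
# Assumed registry hive prefixes (short and long forms).
_REG_HIVES = ("HKLM\\", "HKCU\\", "HKCR\\", "HKU\\", "HKCC\\", "HKEY_")
_DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)
_EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")


def classify_ioc(value: str) -> str:
    """Return a supported IOC type name, or 'unsupported:<reason>'."""
    v = value.strip()
    if _HASH_RE.match(v):
        return "hash"
    if v.upper().startswith(_REG_HIVES):
        return "registry_key"
    try:
        ipaddress.ip_address(v)  # accepts both IPv4 and IPv6 literals
        return "ip"
    except ValueError:
        pass
    if _EMAIL_RE.match(v):          # option B: not an IOC type
        return "unsupported:email"
    if _WIN_PATH_RE.match(v) or _POSIX_PATH_RE.match(v):
        return "full_path"          # option C: the correct answer
    if _DOMAIN_RE.match(v):
        return "domain"
    if v.isdigit() and int(v) <= 65535:  # option A: a port, not an IOC
        return "unsupported:port"
    return "unsupported:unknown"    # e.g. an App-ID name (option D)


def triage_ioc_list(values):
    """Split a feed into {type: [values]} of loadable IOCs and a reject list."""
    accepted = {t: [] for t in SUPPORTED_TYPES}
    rejected = []
    for raw in values:
        kind = classify_ioc(raw)
        if kind in accepted:
            accepted[kind].append(raw.strip())
        else:
            rejected.append((raw.strip(), kind.split(":", 1)[1]))
    return accepted, rejected
```

Only the values in `accepted` are candidates for IOC rules; each entry in `rejected` carries the reason so the feed owner can see why a destination port, e-mail address or App-ID name was dropped.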

References:

[1] Create an IOC Rule
[3] XQL Reference Guide: Network Events Schema
[4] Cortex XDR – IOC
[5] Cortex XDR Analytics App

PCDRA: Which type of IOC can you define in Cortex XDR?
