When creating a BIOC rule, which XQL query can be used?

Business, Finance, Economics, Accounting, Operations Management, Computer Science, Electrical Engineering, Mechanical Engineering, Civil Engineering, Chemical Engineering, Algebra, Precalculus, Statistics and Probabilty, Advanced Math, Physics, Chemistry, Biology, Nursing, Psychology, Certifications, Tests, Prep, and more.
Post Reply
answerhappygod
Site Admin
Posts: 899589
Joined: Mon Aug 02, 2021 8:13 am

When creating a BIOC rule, which XQL query can be used?

Post by answerhappygod »

When creating a BIOC rule, which XQL query can be used?

A. dataset = xdr_data
| filter event_sub_type = PROCESS_START and
action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
B. dataset = xdr_data
| filter event_type = PROCESS and
event_sub_type = PROCESS_START and
action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
C. dataset = xdr_data
| filter action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
| fields action_process_image
D. dataset = xdr_data
| filter event_behavior = true
event_sub_type = PROCESS_START and
action_process_image_name ~= ".*?\.(?:pdf|docx)\.exe"
Join a community of subject matter experts. Register for FREE to view solutions, replies, and use search function. Request answer by replying!
Top

This question has been solved and has 1 reply.

You must be registered to view answers and replies in this topic. Registration is free.


Register Login
 
Post Reply

Return to “Archived Questions & Answers”