Which two types of indicators of compromise (IOCs) can be created in Cortex XDR?


In Cortex XDR, indicators of compromise (IOCs) are essential for detecting and responding to security incidents. Among the mentioned options, hash is a type of IOC that is vital for identifying specific files based on their unique cryptographic fingerprint. By using a hash, security professionals can accurately determine whether a file is benign or malicious. This is particularly important because hashes can identify files with precision, regardless of their names or locations, making them a powerful tool in threat detection.

Hashes are commonly used to track known malware and to verify the integrity of files as they remain consistent even if the file's metadata changes. This allows for efficient and effective monitoring and analysis of potential security threats, making the use of hashes a crucial component in the investigation and mitigation of incidents.

The other types of IOCs, such as registry entries, hostnames, and file paths, can also serve as indicators, but they do not provide the same level of specificity and reliability in identifying particular malicious files as hashes do. For example, registry entries can vary across different systems, and file paths may change, potentially leading to inconsistencies in detection. Meanwhile, hostnames can be associated with legitimate services, making them less definitive in confirming malicious activity. Thus, the focused and precise nature of hashes solid
