IOC

An Indicator of Compromise (IOC) shows the signs of malicious activity in STIX format. You can add an IOC file to the server in .xml, .zip or .tgz format.

From IOC, you can:

Note

IOC supports only the STIX format. STIX 1.2 supports file objects, address objects and URI objects.

IOC List

Check the IOC information (Name, Registration Date, Detection Count and Detection Date).

  1. At the top of the web page, click Detection.
  2. From the menu, select Detection > IOC.
  3. Specify the period or type a keyword to search for specific IOC information. To search by name, enter the Name and click Search.

Note

The detection count may change if the information is updated while you move to another page.

Import IOC

Note

a) IOC only supports STIX format.
- You can upload the IOC file in .xml or .zip format to the server.
b) STIX 1.2 supports:
- file and address objects
- URI objects

Click Import at the bottom to import IOC information. You can upload the IOC file in .xml or .zip format to the server. To import IOC information:

  1. At the top of the web page, click Detection.
  2. From the menu, select Detection > IOC.
  3. Click Import.
  4. In <Import IOC>, click Browse.... Upload the IOC file in .xml or .zip format.
  5. Click Upload File. If the file type is not supported, an error message will appear.
  6. The IOC file upload progress and completion message will appear and then disappear.
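
A pre-upload check for the constraints listed above, as an added example that is not part of the product or of this guide: it confirms the file is .xml or .zip (the formats the Import IOC steps name), that each document is a STIX 1.2 package, and that every object is a file, address or URI object. Matching on the CybOX type names FileObjectType, AddressObjectType and URIObjectType is an assumption about how those objects appear in the XML, the function names are hypothetical, SAMPLE is a constructed and reduced document, and the server's own validation may differ.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

STIX_NS = "http://stix.mitre.org/stix-1"
CYBOX_NS = "http://cybox.mitre.org/cybox-2"
XSI_TYPE = "{http://www.w3.org/2001/XMLSchema-instance}type"
# Assumption: the supported objects appear under these CybOX type names.
SUPPORTED = {"FileObjectType", "AddressObjectType", "URIObjectType"}

def check_stix_xml(data: bytes) -> list:
    """Return a list of problems found in one STIX 1.x XML document."""
    if b"<!DOCTYPE" in data:
        return ["DOCTYPE present; refusing to parse (entity expansion risk)"]
    try:
        root = ET.fromstring(data)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    problems = []
    if root.tag != f"{{{STIX_NS}}}STIX_Package":
        problems.append("root element is not stix:STIX_Package")
    if root.get("version") != "1.2":
        problems.append(f"STIX version is {root.get('version')!r}, expected '1.2'")
    for props in root.iter(f"{{{CYBOX_NS}}}Properties"):
        # xsi:type looks like "FileObj:FileObjectType"; compare the local name.
        local = (props.get(XSI_TYPE) or "").split(":")[-1]
        if local not in SUPPORTED:
            problems.append(f"unsupported object type: {local or '(none)'}")
    return problems

def check_ioc_file(name: str, data: bytes) -> dict:
    """Check an .xml file, or every .xml member of a .zip, before upload."""
    lower = name.lower()
    if lower.endswith(".xml"):
        return {name: check_stix_xml(data)}
    if lower.endswith(".zip"):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return {m: check_stix_xml(zf.read(m))
                    for m in zf.namelist() if m.lower().endswith(".xml")}
    return {name: ["file extension is not .xml or .zip"]}

# Constructed sample: one supported (address) and one unsupported (mutex) object.
SAMPLE = b"""<stix:STIX_Package version="1.2"
  xmlns:stix="http://stix.mitre.org/stix-1" xmlns:cybox="http://cybox.mitre.org/cybox-2"
  xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
  <cybox:Object><cybox:Properties xsi:type="AddressObj:AddressObjectType"/></cybox:Object>
  <cybox:Object><cybox:Properties xsi:type="MutexObj:MutexObjectType"/></cybox:Object>
</stix:STIX_Package>"""
```

An empty problem list for every entry in the returned dictionary means the file meets the constraints stated in this section.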
 

Search

Search for IOC information using the IOC name.

Period

Select the period to check the IOC information - Last 24 hours, Last 48 hours, Last 7 days, Last 14 days or Last 30 days - or click User-defined to specify the period.