Uploading an IOC file

IOC files having UserItem properties for domain users are not supported.

To upload an IOC file:

1. In the program web interface window, select the IOC/IOA Analysis section, IOC Scanner subsection.

   The table of IOC files opens.

2. Click the Upload button.

   The file selection window opens on your local computer.

3. Select the file that you want to upload and click the Open button.
4. Specify the following parameters:
   1. Autoscan—Use of an IOC file during an automatic scan of events:
      • Enabled
      • Disabled
   2. Name—Name of the IOC file.
   3. Importance—Importance level that will be assigned to an alert generated using this IOC file:
      • Low.
      • Medium.
      • High.
   4. Apply to—Name of the organization and names of the servers on which you want to scan events based on this IOC file (in the distributed solution and multitenancy mode).
5. Click the Save button.

The IOC file will be uploaded in XML format.

See also IOC scan of events Viewing the table of IOC files Viewing information about an IOC file Downloading an IOC file to a computer Enabling and disabling the automatic use of an IOC file when scanning events Deleting an IOC file Searching IOC scan results Filtering and searching IOC files Clearing an IOC file filter Configuring an IOC scan schedule Supported OpenIOC Indicators of Compromise

Page top