IOCs Actions

Create IOC

Adding an IOC to a Case by filling in parameters in the step.

Parameter	Description
Name	The name of the IOC
Type	The type of IOC
Value	The value of the IOC
Link Cases	The Name and Id of the Case you want to add the IOC to
Description	A brief explanation of the IOC
Custom Fields (JSON Format)	Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table.

Deleting an IOC from a Case by filling in parameters in the step.

Parameter	Description
IOC ID	The ID of thw IOC: can be the `id` or the `ioc_id` field of the attachments

Updating an already existing IOC in a Case by filling in the following parameters in the step. This action overwrites all of the IOC's data.

Parameter	Description
IOC	The IOC ID
Name	The updated Name of the IOC
Type	The type of IOC
Value	The value of the IOC
Description	A brief explanation explaining the IOC
Custom Fields (JSON Format)	Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table.

Linking an IOC to a target IOC by filling in the following parameters in the step.

Parameter	Description
IOC to Link	The IOC ID to Link
Target IOC	The target IOC ID

Linking an IOC to a Case by filling in the following parameters in the step

Parameter	Description
Case	The Case ID
IOC	The IOC ID

Linking an IOC to a Alert by filling in the following parameters in the step.

Parameter	Description
Alert	The Alert ID
IOC	The IOC ID

Unlinking an IOC from a target IOC by filling in the following parameters in the step.

Parameter	Description
IOC to unlink	The IOC ID to unlink
Target IOC	The target IOC ID

Unlinking an IOC from a Case by filling in the following parameters in the step.

Parameter	Description
Case	The Case ID
IOC	The type and name of the IOC