IOCs Actions
Create IOC
Adding an IOC to a Case by filling in parameters in the step.
| Parameter | Description |
|---|---|
| Name | The name of the IOC |
| Type | The type of IOC |
| Value | The value of the IOC |
| Link Cases | The Name and Id of the Case you want to add the IOC to |
| Description | A brief explanation of the IOC |
| Custom Fields (JSON Format) | Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table. |
| Advanced- Dedup Table | The selected table to evaluate the duplicated condition (Dedup Condition)against. |
| Advanced- Dedup Condition | The duplicate condition to check wether to insert the record or not. When the condition is met, the record will not be inserted. |
| Advanced- Linked IOCs | The Name and ID of the IOC you want to link to this IOC |
| Advanced- Linked Alerts | The Name and ID of the Alert you want to link to this IOC. |
| Advanced- Linked Attachments | The Name and ID of the Attachment you want to link to this IOC. |
| Advanced- Linked Tasks | The Name and ID of the Tasks you want to link to this IOC. |
| Advanced- Linked Cases | The Name and ID of a different Case you want link to this IOC |
Delete IOC
Deleting an IOC from a Case by filling in parameters in the step.
| Parameter | Description |
|---|---|
| IOC ID | The ID of thw IOC: can be the id or the ioc_id field of the attachments |
Update IOC
Updating an already existing IOC in a Case by filling in the following parameters in the step. This action overwrites all of the IOC's data.
| Parameter | Description |
|---|---|
| IOC | The IOC ID |
| Name | The updated Name of the IOC |
| Type | The type of IOC |
| Value | The value of the IOC |
| Description | A brief explanation explaining the IOC |
| Custom Fields(JSON Format) | Add a Custom Field in JSON format. Please note that this applies only if you have manually added a custom record column to the subject table. |
