Skip to main content

Indicator of compromise (IOCs)

Indicators of compromise (IOCs) refer to data that indicates a system may have been infiltrated by a cyber threat. They provide cybersecurity teams with crucial knowledge after a data breach or another breach in security. In this section, you can create and manage IOCs for your Cases.

note

Please note that you can assign multiple IOCs to a single Case or a single IOC to many Cases.

Types of IOCs

  1. IP Address
  2. URL String
  3. File Hash
  4. Email Address
  5. Host name
  6. Username
  7. Process Name
  8. File Name
  9. MAC Address
  10. Endpoint
  11. Uniform Resource Locator
  12. File
  13. Process
  14. User
  15. Email
  16. Registry Key
  17. Registry Value
  18. Registry UID
  19. GEO Location
  20. Container
  21. Fingerprint
  22. Other
  23. Unknown
info

If you wish to edit the IOC type, simply go to the IOC table, locate the Thumbnail icon next to the IOC Type table heading, and proceed to remove the desired IOC types by clicking the X button, followed by the Save button.

Thumbnail

Creating a New IOC

note

Please note, you can also create IOCs directly from the main IOC table. Simply navigate to the IOC table and click on the New IOC button located in the top-right corner and fill out the required parameters.

  1. Double click on the Case you want to attach the IOC(s) to, navigate to the Table Tab in the Overview Section of the selected Case, and in the top-right conner select the New Record button.
Thumbnail
  1. A dialog box for creating a new record will appear.
Thumbnail
  1. Fill in all the necessary fields.
FieldsDescription
NameThe name of the IOC.
IOC TypeThe type of the IOC.
ValueThe value of the IOC
Description (Optional)A written description for the IOC
Linked CasesThe Name and ID of the Case(s) you want to link to this current IOC.
Linked AlertsThe Name and ID of the Alerts(s) you want to link to this current IOC.
Linked IOCsThe Name and ID of the IOC(s) you want to link to this current IOC.
Linked AttachmentsThe Name and ID of the Attachment(s) you want to link to this current IOC.
Linked TasksThe Name and ID of the Task(s) you want to link to this current IOC.
  1. Once completed, select the Add Record button in the bottom-right corner.
Thumbnail