IOC Rule Details
Manage all indicators of compromise (IOCs) configured from or uploaded to the Cortex XDR app.
From the IOC page, you can view all indicators of compromise (IOCs) configured from or uploaded to the Cortex XDR app. To reduce the number of IOC rules you see, you can filter by one or more fields in the IOC rules table. From the IOC page, you can also manage or clone existing rules.
The following table describes the fields that are available for each IOC rule in alphabetical order.
# OF HITS
The number of hits (matches) on this indicator.
The IOC's class. For example, 'Malware'.
Free-form comments specified when the IOC was created or modified.
The date and time at which the IOC will be removed automatically.
The indicator value itself. For example, if the indicator type is a destination IP address, this could be an IP address such as 126.96.36.199.
Date and time when the IOC was created.
Date and time when the IOC was last modified.
Indicator's reliability level:
Indicator's reputation level. One of Unknown, Good, Bad, or Suspicious.
Unique identification number for the rule.
IOC severity that was defined when the IOC was created.
Rule status: Enabled or Disabled.
Type of indicator: Full path, File name, Host name, Destination IP, MD5 hash.
A list of threat intelligence vendors from which this IOC was obtained.