Intel on Indicators of Compromise (IoC)

The Indicators tab provides a detailed overview of all newly detected IoCs. IoCs include IP addresses, domain names, file hashes, and URLs that can be used to detect malicious activity. These indicators help you detect, analyse, and respond to cyber threats effectively.
The Indicators tab presents IoCs in both graphical and tabular form. You can view the IoC details and filter the IoC chart by date range: last 1 day, last 7 days, last 1 month, last 3 months, last 1 year, or a custom date range.

Viewing the IoC Details

You can view IoC details such as the description or IoC name, type of IoC, ratings, and first seen and last seen dates in tabular format.
To view the details of each IoC:

  1. On the Seqrite Threat Intelligence portal, click Indicators in the left pane.
  2. On the Indicators page, select the indicator and click the > icon.
    The indicator details page displays the following details:
    • Indicator Overview: Risk score, confidence score, and the description of the IoC.
    • Attributes: Key properties such as source, detection date, and type.
    • TTP Mappings: Links to tactics, techniques, and procedures associated with the IoC.
    • Associations: Known relations with Threat Actors, Malware, or other IoCs.
    • Recommendations: Recommended action for the selected IoC.

Selecting Column from the Column Selector

The Column Selector allows you to customize the table view. You can choose which columns to display in the table.

  • To choose columns, click on the Indicators page, and select the desired column.

Note: You can choose up to 7 columns to display.

Filtering the IoC List

You can filter the IoC list to refine results based on attributes or categories.
To filter the IoC list, follow these steps:

  1. On the Seqrite Threat Intelligence portal, click Indicators in the left pane.
  2. On the Indicators page, click .
  3. Enter the attribute (indicator name, type, ratings, first seen date, or last seen date), and click Apply.
    The system displays filtered data.

Exporting IoC as a CSV/STIX

You can download all IoCs currently visible on the page in the CSV or STIX format.
To export/download the IoCs:

  1. On the Seqrite Threat Intelligence portal, click Indicators in the left pane.
  2. On the Indicators page, click Export, select the format (CSV or STIX 2.1), and then click Export.
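
One way to consume a STIX 2.1 export downstream, for example to build blocklists or detection lookups. This is an added example, not Seqrite code. It assumes the export is a standard STIX 2.1 bundle of indicator objects as defined by the STIX specification; the function name `extract_iocs` and the sample bundle are constructed for illustration.

```python
import json
import re
from collections import defaultdict
from datetime import datetime, timezone

# Simple STIX equality comparisons, e.g. [ipv4-addr:value = '198.51.100.7']
OBSERVABLE = re.compile(r"\b(ipv4-addr|ipv6-addr|domain-name|url):value\s*=\s*'((?:[^'\\]|\\.)*)'")
FILE_HASH = re.compile(r"\bfile:hashes\.(?:'([^']+)'|([\w-]+))\s*=\s*'([0-9A-Fa-f]+)'")

def _ts(value):
    # STIX timestamps are RFC 3339 in UTC; older Pythons do not accept the "Z" suffix
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def extract_iocs(bundle_text, now=None):
    """Return {ioc_type: sorted values} from active indicators in a STIX 2.1 bundle."""
    now = now or datetime.now(timezone.utc)
    bundle = json.loads(bundle_text)
    if bundle.get("type") != "bundle":
        raise ValueError("not a STIX bundle")
    found = defaultdict(set)
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type") != "stix":
            continue  # not an indicator, or a YARA/Snort/other pattern language
        until = obj.get("valid_until")
        if obj.get("revoked") or (until and _ts(until) <= now):
            continue  # withdrawn or expired; matching on it risks false positives
        pattern = obj.get("pattern", "")
        for kind, value in OBSERVABLE.findall(pattern):
            found[kind].add(re.sub(r"\\(.)", r"\1", value))  # undo \' and \\ escapes
        for quoted, bare, digest in FILE_HASH.findall(pattern):
            found["file:" + (quoted or bare).upper()].add(digest.lower())
    return {kind: sorted(values) for kind, values in found.items()}

def _ind(pattern, **extra):
    # Constructed sample indicator (ids omitted for brevity; not portal output)
    return {"type": "indicator", "spec_version": "2.1", "pattern_type": "stix",
            "pattern": pattern, "valid_from": "2024-01-01T00:00:00.000Z", **extra}

SAMPLE = json.dumps({"type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000", "objects": [
    _ind("[ipv4-addr:value = '198.51.100.7']"),
    _ind("[domain-name:value = 'bad.example' OR url:value = 'http://bad.example/a']"),
    _ind("[file:hashes.'SHA-256' = '" + "AB" * 32 + "']"),
    _ind("[ipv4-addr:value = '203.0.113.9']", valid_until="2024-02-01T00:00:00.000Z"),
    _ind("[ipv4-addr:value = '192.0.2.1']", revoked=True),
    _ind("rule constructed { condition: false }", pattern_type="yara"),
]})

if __name__ == "__main__":
    print(extract_iocs(SAMPLE, now=datetime(2024, 6, 1, tzinfo=timezone.utc)))
```

Only simple equality comparisons are extracted; indicators whose patterns use other operators or qualifiers need a full STIX pattern parser.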

Viewing IoC Export History

Export History shows a record of all the Indicators of Compromise (IoCs) that have been exported by the user.
Each record lists the export name, format (STIX or CSV), file size, created date, and status.

  • To view the export history, click Export History on the Indicators page.

The list of exported IoCs is displayed.
