The Indicators tab provides a detailed overview of all newly detected IoCs (Indicators of Compromise). IoCs include IP addresses, domain names, file hashes (MD5, SHA1, SHA-256), and URLs that can be used to detect malicious activity. These indicators help you detect, analyse, and respond to cyber threats effectively.
The Indicators tab provides graphical and tabular presentations of global and sector-specific IOCs. You can view the IOC details and filter the IOC chart by a date range (last 1 day, last 7 days, last 1 month, last 3 months, or last 1 year), or select a custom date range.
Viewing the IOC Details
You can view IOC details such as the description or IOC name, IOC type, ratings, and first and last seen dates in tabular format.
To view the details of each IOC:
- On the Seqrite Threat Intel portal, click Indicators in the left pane.
- On the Indicators page, select the indicator and click the > icon.
The indicator details page displays the following details:
- Indicator Overview: Risk scores are assigned based on an internal algorithm that factors in prevalence, recency, feed reputation, and so on.
- IOC Risk Score Lifecycle: The lifecycle of an IOC's risk score is shown to users as a graph.
- Attributes: Key properties such as source, detection date, and type. If the IOC type is IP address, additional attributes such as country, city, ASN, geolocation, hostname, registrant information, and open ports are available by leveraging enrichment connectors.
- TTP Mappings: Links to the tactics, techniques, and procedures associated with the IOC.
- Associations: Known relations with threat actors, malware, or other IOCs.
- Victimology: Victimology is the study of who attackers target, helping analysts understand patterns across victims such as industries and regions.
- Recommendations: Seqrite Threat Intelligence provides mitigation recommendations against every IOC listed.
Selecting Column from the Column Selector
The Column Selector allows you to customize the table view by choosing which columns to display.
- To choose columns, open the Column Selector on the Indicators page and select the desired columns.
Note: You can choose up to 7 columns to display.
Filtering the IOC List
You can filter the IOC list to refine results based on attributes or categories.
To filter the IOC list, follow these steps:
- On the Seqrite Threat Intel portal, click Indicators in the left pane.
- On the Indicators page, click the filter icon.
- Enter the attribute to filter on (indicator name, type, risk rating, confidence rating, first seen date, last seen date, tags, or status (active/inactive)), and click Apply.
The system displays filtered data.
Exporting IOC as a CSV/STIX
You can download all IOCs currently visible on the page in CSV or STIX format.
To export/download the IOCs:
- On the Seqrite Threat Intelligence portal, click Indicators in the left pane.
- On the Indicators page, click Export, select the format (CSV or STIX 2.1), and then click Export.
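As an added example (not part of the Seqrite documentation or the portal's own code), the following Python turns a STIX 2.1 export like the one produced by this step into per-IOC records that a detection pipeline can consume. The bundle layout and field names are assumed from the STIX 2.1 specification, the mapping of valid_from/modified to first/last seen is an assumption, and the sample bundle is constructed.

```python
import json
import re
from typing import Dict, List

def _indicator(n: int, pattern: str, first: str, last: str) -> dict:
    """Build a minimal STIX 2.1 indicator object (constructed sample data)."""
    return {"type": "indicator", "spec_version": "2.1",
            "id": "indicator--00000000-0000-4000-8000-%012d" % n,
            "created": first, "modified": last, "valid_from": first,
            "pattern_type": "stix", "pattern": pattern}

# Constructed sample export: four indicators (one per IOC type the Indicators
# tab lists) plus one non-indicator object that a parser must skip.
SAMPLE_BUNDLE = json.dumps({
    "type": "bundle", "id": "bundle--00000000-0000-4000-8000-000000000000",
    "objects": [
        _indicator(1, "[ipv4-addr:value = '192.0.2.10']",
                   "2024-01-10T08:00:00Z", "2024-03-01T08:00:00Z"),
        _indicator(2, "[file:hashes.'SHA-256' = '%s']" % ("a" * 64),
                   "2024-02-01T00:00:00Z", "2024-02-01T00:00:00Z"),
        _indicator(3, "[domain-name:value = 'malicious.example']",
                   "2024-02-05T00:00:00Z", "2024-02-20T00:00:00Z"),
        _indicator(4, "[url:value = 'http://malicious.example/p']",
                   "2024-02-06T00:00:00Z", "2024-02-06T00:00:00Z"),
        {"type": "malware", "spec_version": "2.1", "is_family": False,
         "id": "malware--00000000-0000-4000-8000-000000000005",
         "name": "constructed-sample"},
    ]})

# One comparison inside a STIX pattern, e.g. ipv4-addr:value = '192.0.2.10'
# or file:hashes.'SHA-256' = '...'. Groups: object type, property, value.
_COMPARISON = re.compile(r"([a-z0-9-]+):([A-Za-z0-9_.'-]+)\s*=\s*'([^']*)'")

def extract_iocs(bundle_json: str) -> List[Dict[str, str]]:
    """Return one record per STIX indicator comparison: type, value, first/last seen."""
    bundle = json.loads(bundle_json)
    records = []
    for obj in bundle.get("objects", []):
        if obj.get("type") != "indicator" or obj.get("pattern_type", "stix") != "stix":
            continue  # only STIX-pattern indicators carry an extractable IOC
        for obj_type, prop, value in _COMPARISON.findall(obj.get("pattern", "")):
            ioc_type = obj_type
            if obj_type == "file" and prop.startswith("hashes."):
                ioc_type = prop.split(".", 1)[1].strip("'")  # e.g. SHA-256, MD5
            records.append({"id": obj["id"], "ioc_type": ioc_type, "value": value,
                            "first_seen": obj.get("valid_from") or obj.get("created"),
                            "last_seen": obj.get("modified")})
    return records
```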
Viewing IOC Export History
Export History shows a record of all the Indicators of Compromise (IOCs) that have been exported by the user.
Each Export History record shows the export name, format (STIX or CSV), file size, created date, and status.
- To view the export history, click Export History on the Indicators page.
The list of exported IOCs is displayed.