Users can now upload IOCs with the following features and enhancements:
IOC File Upload Workflow
- A "Browse" button has been added under the Threat Hunting section to allow users to upload files containing IOCs (Indicators of Compromise).
- Upon clicking the "Browse" button, users will be presented with a wizard interface that includes the following fields and features:
  - Name: Input field for the file name.
  - Instructions: Clear guidance on the supported file formats and size.
  - IOC Limit: Maximum of 100 IOCs per scan.
  - File Size Limit: Files up to 1MB only.
  - Supported File Format: CSV format exclusively.
  - Sample Template: An option to download a sample CSV template for guidance.
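A pre-upload check for the limits listed above, as an added example that is not part of the product or its documentation: it deduplicates an IOC list and splits it into CSV payloads of at most 100 IOCs and 1MB each. The two-column header, the reading of 1MB as 1,000,000 bytes, and the function names are assumptions; take the real column layout from the downloadable sample template.

```python
import csv
import io

MAX_IOCS = 100               # per-scan IOC limit stated above
MAX_BYTES = 1_000_000        # "1MB" read conservatively as 10^6 bytes (assumption)
HEADER = ["type", "value"]   # assumed columns; replace with the sample template's header


def render_csv(rows):
    """Serialise the header plus rows to the exact bytes that would be uploaded."""
    buf = io.StringIO(newline="")
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow(HEADER)
    writer.writerows(rows)
    return buf.getvalue().encode("utf-8")


def split_for_upload(iocs, max_iocs=MAX_IOCS, max_bytes=MAX_BYTES):
    """Deduplicate (type, value) pairs and split them into CSV payloads within both limits."""
    seen, unique = set(), []
    for ioc_type, value in iocs:
        key = (ioc_type.strip().lower(), value.strip())
        if key[1] and key not in seen:   # skip blank values and repeats
            seen.add(key)
            unique.append(key)

    chunks, current = [], []
    for row in unique:
        if len(render_csv([row])) > max_bytes:
            raise ValueError(f"one IOC alone exceeds the size limit: {row[1][:40]!r}")
        # Start a new file when adding this row would break either limit.
        if len(current) == max_iocs or len(render_csv(current + [row])) > max_bytes:
            chunks.append(render_csv(current))
            current = []
        current.append(row)
    if current:
        chunks.append(render_csv(current))
    return chunks


if __name__ == "__main__":
    # Constructed sample: 250 documentation-range IPs, one duplicate, one blank row.
    sample = [("ip", f"192.0.2.{i}") for i in range(250)]
    sample += [("IP", " 192.0.2.7 "), ("domain", "")]
    for n, payload in enumerate(split_for_upload(sample), start=1):
        rows = len(payload.splitlines()) - 1
        print(f"iocs_part{n}.csv: {rows} IOCs, {len(payload)} bytes")
```

Each returned payload can be written to its own `.csv` file and uploaded as a separate scan.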
Wizard Actions
- Two primary actions are available in the wizard:
  - Save:
    - Saves the uploaded file and redirects the user to the Saved Files section.
    - Users can view the file contents in the Saved Files section.
  - Apply:
    - Processes the file and displays the results directly.
Query Filter Enhancements
- Users can now apply additional filters to narrow down results on the results page after file processing, allowing for more precise and targeted investigations.
File Retention Policy
- Files uploaded to the system will now be stored for 7 days only. After this period, files will be automatically deleted from the system.
- A message indicating this policy has been added to the file upload screen to ensure users are informed before uploading.