Viewing the table of IOC files

The table of IOC files contains information about IOC files used for scanning on computers with the Endpoint Sensors component installed; you can find the table in the IOC/IOA Analysis section, IOC Scanner subsection of the program web interface window.

The table of IOC files contains the following information:

—Importance level that will be assigned to an alert generated using this IOC file.
The importance level can have one of the following values:
- —Low importance.
- —Medium importance.
- —High importance.
Type—Type of uploaded IOC file depending on the application operating mode and the server on which the IOC file was uploaded. IOC files can be one of the following types:
- Global—Uploaded to the PCN server. These IOC files are used to scan events on this PCN server and on all SCN servers connected to this PCN server. Scanned events belong to the organization which the user is managing in the program web interface (in the distributed solution and multitenancy mode).
  Operation mode in which the program can be used to protect the infrastructure of several organizations simultaneously.
  
  Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a master control server (Primary Central Node (PCN)) and slave servers (Secondary Central Nodes (SCN)).
- Local—Uploaded to a SCN server. These IOC files are used to scan events on this SCN server. Scanned events belong to the organization which the user is managing in the program web interface (in the distributed solution and multitenancy mode).
Name—Name of the IOC file.
Servers—Name of the server with the Central Node component on which events were scanned based on this IOC file.
Autoscan—Use of an IOC file during an automatic scan of events.
Event scanning using this IOC file can have one of the following statuses:
- Enabled
- Disabled