You can use IOC files to search indicators of compromise on computers with Kaspersky Endpoint Agent installed.
Users with the Senior security officer role can upload, delete, download IOC files to their computer, enable or disable the search of indicators of compromise using IOC files, as well as configure the schedule for searching indicators of compromise on computers with Kaspersky Endpoint Agent program installed.
Users with the Security officer and Security auditor roles can view the list of IOC files and information about the selected file, and download IOC files to the computer.
IOC files can have the following types:
To view the list of supported OpenIOC indicators of compromise, you can download this file.