IOC files having UserItem properties for domain users are not supported.
To upload an IOC file:
In the window of the program web interface, select the User rules section, IOC subsection.
This opens the table of IOC files.
Click Upload.
This opens the file selection window on your local computer.
Select the file that you want to upload and click Open.
Specify the following parameters:
Autoscan—The IOC file is used when automatically scanning Kaspersky Endpoint Agent hosts:
Enabled
Disabled
Name—Name of the IOC file.
Importance—Importance level that will be assigned to an alert generated using this IOC file:
Low.
Medium.
High.
Apply to—Name of the organization and names of the servers which you want to scan using this IOC file (in the distributed solution and multitenancy mode).