Uploading an IOC file

IOC files having UserItem properties for domain users are not supported.

To upload an IOC file:

1. In the window of the program web interface, select the Custom rules section, IOC subsection.

   This opens the table of IOC files.

2. Click Upload.

   This opens the file selection window on your local computer.

3. Select the file that you want to upload and click Open.
4. Specify the following parameters:
   1. Autoscan—The IOC file is used when automatically scanning Kaspersky Endpoint Agent hosts:
      • Enabled
      • Disabled
   2. Name—Name of the IOC file.
   3. Importance—Importance level that will be assigned to an alert generated using this IOC file:
      • Low.
      • Medium.
      • High.
   4. Apply to—Name of the tenant and names of the servers which you want to scan using this IOC file (in distributed solution and multitenancy mode).

      Operation mode in which Kaspersky Anti Targeted Attack Platform is used to protect the infrastructure of multiple organizations or branch offices of the same organization simultaneously.

      Two-level hierarchy of servers with Central Node components installed. This hierarchy allocates a primary control server (Primary Central Node (PCN)) and secondary servers (Secondary Central Nodes (SCN)).

5. Click Save.

The IOC file will be uploaded in XML format.

See also Managing user-defined IOC rules Viewing the table of IOC files Viewing information about an IOC file Downloading an IOC file to a computer Enabling and disabling the automatic use of an IOC file when scanning hosts Deleting an IOC file Searching for alerts in IOC scan results Searching for events using an IOC file Filtering and searching IOC files Clearing an IOC file filter Configuring an IOC scan schedule

Page top