Requirements for IOC files
When creating IOC Scan tasks, consider the following IOC file requirements and limitations:
- The application supports IOC files with the IOC and XML extensions. These files use the open standard for IOC description: OpenIOC versions 1.0 and 1.1.
- Semantic errors and unsupported IOC terms and tags in IOC files do not cause the task to fail. For such sections of IOC files, the application registers the absence of a match.
- IDs of all IOC files used in an IOC Scan task must be unique. Duplicate IDs may affect the correctness of task results.
- We recommend creating an IOC file for each threat. This makes the results of the IOC Scan task easier to read.
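The extension and unique-ID requirements above can be checked before the files are added to an IOC Scan task. The following is an added example, not part of the application or its documentation: the function name `check_ioc_set` and the sample files are constructed for illustration, and it assumes the IOC ID is the `id` attribute of the root element, as in the OpenIOC 1.0 and 1.1 schemas.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict
from pathlib import PurePath

ALLOWED_EXT = {".ioc", ".xml"}  # extensions listed as supported on this page

# Constructed sample set (file name -> content); all IDs are made up.
SAMPLES = {
    "threat_a.ioc": '<ioc xmlns="http://schemas.mandiant.com/2010/ioc" '
                    'id="11111111-aaaa-4aaa-8aaa-000000000001"><definition/></ioc>',
    "threat_b.xml": '<OpenIOC xmlns="http://openioc.org/schemas/OpenIOC_1.1" '
                    'id="22222222-bbbb-4bbb-8bbb-000000000002"><criteria/></OpenIOC>',
    "threat_a_copy.ioc": '<ioc xmlns="http://schemas.mandiant.com/2010/ioc" '
                         'id="11111111-aaaa-4aaa-8aaa-000000000001"><definition/></ioc>',
    "notes.txt": "not an IOC file",
    "broken.ioc": "<ioc id='x'",
}

def check_ioc_set(files):
    """Return (ids, problems): ids maps IOC id -> file names using it."""
    ids = defaultdict(list)
    problems = []
    for name, text in files.items():
        if PurePath(name).suffix.lower() not in ALLOWED_EXT:
            problems.append(f"{name}: unsupported extension")
            continue
        try:
            root = ET.fromstring(text)
        except ET.ParseError as exc:
            problems.append(f"{name}: not well-formed XML ({exc})")
            continue
        # Assumption: IDs are compared case-insensitively (they are GUIDs).
        ioc_id = (root.get("id") or "").strip().lower()
        if not ioc_id:
            problems.append(f"{name}: root element has no id attribute")
            continue
        ids[ioc_id].append(name)
    for ioc_id, names in ids.items():
        if len(names) > 1:
            problems.append(f"duplicate id {ioc_id}: {', '.join(sorted(names))}")
    return dict(ids), problems

if __name__ == "__main__":
    _, found = check_ioc_set(SAMPLES)
    print("\n".join(found) or "OK")
```

To check files on disk, build the input as `{p.name: p.read_text() for p in folder.iterdir()}` and resolve every reported problem before creating the task.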
The file that can be downloaded by clicking the link below contains a table with the full list of IOC terms of the OpenIOC standard.
Special considerations and limitations of the way the application supports the OpenIOC standard are listed in the table below.
Features and limitations of the OpenIOC standard versions 1.0 and 1.1
Supported conditions | OpenIOC 1.0:
|
Supported attributes of conditions | OpenIOC 1.1:
|
Supported operators |
|
Supported data types |
|
Special considerations for interpreting data types | The application supports the interpretation of the
|