Indicators of Compromise
The Indicators of Compromise report displays a filterable, sortable list of indicators of compromise (IoCs). Each row in the report gives the trust level of the IoC and a clickable link, via the icon, to all the incidents that encountered the IoC. The IoCs in the table do not necessarily represent dangers; they are simply the set of URLs, domains, IP addresses, or hashes that the system has encountered.
| Column | Description |
|---|---|
| Trust Level | The trust level associated with the IoC ranges from zero (0 - Untrusted) to ten (10 - Trusted). The trust level can be used within the flows to modify the behavior of new incidents as their messages traverse the system flows. This column can be filtered by trust value by selecting a value or range of values from the drop-down list. |
| IoC | The matching set of URLs, domains, IP addresses, or hashes. The results can be searched and filtered by type. Clicking the icon displays a dialog showing all the incidents that encountered the IoC. |
| Initial Occurrence | The first encountered occurrence of the IoC. |
| Latest Occurrence | The most recent encountered occurrence of the IoC. |
| Reset Trust Level | Date when the domain, IP address, or URL will be reset to a trust level of five (5 - Unknown). |
All filtering options are remembered across page reloads.
Not applicable to this report type.