Indicators of Compromise
The Indicators of Compromise report displays a filterable, sortable list of indicators of compromise (IoCs). Each row in the report provides a trust level for the IoC and a clickable link, via the icon, to all the incidents which encountered the IoC. The IoCs in the table do not necessarily represent dangers; they are simply the set of URLs, domains, IP addresses, or hashes which have been encountered by the system.
|Trust|The trust level associated with the IoC ranges from zero (0 - Untrusted) to ten (10 - Trusted). The trust level can be used within the flows to modify the behavior of new incidents as their messages traverse the system flows. This column can be filtered by selecting a trust value or range of values from the drop-down list.|
|IoC|The matching set of URLs, domains, IP addresses, or hashes. The results can be searched and filtered by type. Clicking the icon brings up a dialog showing all the incidents which encountered the IoC.|
|Initial Occurrence|The first encountered occurrence of the IoC.|
|Latest Occurrence|The most recent encountered occurrence of the IoC.|
All filtering options are remembered across page reloads.
Not applicable to this report type.