The Inject IoC (Indicator of Compromise) widget allows a user to inject an IoC, such as a domain, IP, or URL, into a NL-Find-IoCs node configured to scan a buffer from the incoming message. The NL-Find-IoCs node scans the buffer for URLs, domains, IPs, MD5, SHA1, and SHA256 hashes. The buffer of indicators should have some type of white space between the indicators. Clicking the inject button creates a new message for injection into the flow at the selected NL-Find-IoCs node.
The mechanism provides a means for manually initiating flow events without waiting for an external event to trigger an action. This is a proactive mechanism for trusting or distrusting various IoC types.
|Injection Node||An existing