The Inject IoC (Indicator of Compromise) widget allows a user to inject an IoC, such as a domain, IP, or URL, into a NL-Find-IoCs node. The NL-Find-IoCs node scans the buffer for URLs, domains, IPs, MD5, SHA1, and SHA256 hashes. The buffer of indicators should have some type of white space between the indicators. Clicking the inject button creates a new message for injection into the flow at the selected NL-Find-IoCs node.
The mechanism provides a means for manually initiating flow events without waiting for an external event to trigger an action. This is a proactive mechanism for trusting or distrusting various IoC types.
|Injection Node||An existing flow node at which the message will be injected.|