Administration Guide

IOC Export

The IOC Export page allows you to export the IOC file in CSV or STIX format for a specified time period. The CSV file can be processed by third-party Threat Intelligence Platforms. The file contains the TimeStamp, Incident ID, Attacker IP, related files, and WCF (Web Content Filtering) events. You can include MD5 checksums, WCF category, and reconnaissance alerts.

To export the IOC as a CSV file:
  1. Go to Fabric > IOC Export.
  2. Specify the date range by setting the date and time in the From and To fields.
  3. (Optional) Include or exclude the following files and alerts:
    • Include File MD5
    • Include WCF Category
    • Exclude Reconnaissance Alerts
  4. Click Export as CSV.
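
A downstream consumer for the exported CSV, as an added example that is not part of the product documentation: it validates every attacker IP and MD5 value before they reach another tool and groups incidents per attacker IP. The column names and sample rows are constructed assumptions; match them to the header row of your own export.

```python
import csv
import io
import ipaddress
import re
from collections import defaultdict

# Constructed sample export. Column names are assumptions for illustration;
# match them to the header row of the file you actually exported.
SAMPLE_CSV = """TimeStamp,Incident ID,Attacker IP,File MD5
2024-01-10 08:15:00,1001,10.20.30.40,d41d8cd98f00b204e9800998ecf8427e
2024-01-10 09:02:11,1002,10.20.30.40,
2024-01-11 13:45:59,1003,192.0.2.77,NOT-A-HASH
2024-01-11 14:00:00,1004,not.an.ip,d41d8cd98f00b204e9800998ecf8427e
"""

MD5_RE = re.compile(r"^[0-9a-f]{32}$")


def summarize_export(text):
    """Group rows by attacker IP; return (summary, rejected_rows)."""
    summary = defaultdict(
        lambda: {"incidents": [], "md5": set(), "first": None, "last": None}
    )
    rejected = []
    # The header is line 1 of the file, so data rows start at line 2.
    for line_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=2):
        raw_ip = (row.get("Attacker IP") or "").strip()
        try:
            ip = str(ipaddress.ip_address(raw_ip))  # accepts IPv4 and IPv6
        except ValueError:
            rejected.append((line_no, raw_ip))  # keep for manual review
            continue
        entry = summary[ip]
        entry["incidents"].append((row.get("Incident ID") or "").strip())
        # Assumes a sortable "YYYY-MM-DD HH:MM:SS" timestamp, so string
        # comparison matches chronological order.
        ts = (row.get("TimeStamp") or "").strip()
        entry["first"] = ts if entry["first"] is None else min(entry["first"], ts)
        entry["last"] = ts if entry["last"] is None else max(entry["last"], ts)
        md5 = (row.get("File MD5") or "").strip().lower()
        if MD5_RE.match(md5):  # drop empty or malformed hash cells
            entry["md5"].add(md5)
    return dict(summary), rejected


if __name__ == "__main__":
    result, bad = summarize_export(SAMPLE_CSV)
    print(result, bad)
```
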
To push the IOC to a STIX/TAXII server:
  1. Go to Fabric > IOC Export.
  2. Specify the date range by setting the date and time in the From and To fields.
  3. Enable STIX/TAXII Integration.
  4. Configure the export settings:
    • API Root URL: Enter the API Root URL.
    • TAXII Username: Enter the TAXII username.
    • TAXII Password: Enter the TAXII password.
    • Collection ID: Enter the Collection ID.
    • Certificate File: Click Upload a certificate file to upload the certificate file.
    • Key File: Click to upload the API key file.
    • Certificate/Key Verification: Enable Certificate/Key Verification.
    • Include File MD5: Enable to include the file MD5 checksum.
    • Include WCF Category: Enable to include the WCF category.
    • Include IPS Category: Enable to include the IPS category.

  5. Click Export as STIX to push the export over the protocol in real time.
