IOC Export
The IOC Export page allows you to export the IOC file in CSV or STIX format for a specified time period. The CSV file can be processed by third party Threat Intelligence Platforms. The file contains the TimeStamp, Incident ID, Attacker IP, related files, and WCF (Web Content Filtering) events. You can include MD5 checksums, WCF category, and reconnaissance alerts.
To export the IOC as a CSV file:
- Go to Fabric > IOC Export.
- Specify the date range by setting the date and time in the From and To fields.
- (Optional) Include or exclude the following files and alerts:
Include File MD5
Include WCF Category
Exclude Reconnaissance Alerts
- Click Export as CSV
To Push the IOC over STIX/TAXII server
- Go to Fabric > IOC Export.
- Specify the date range by setting the date and time in the From and To fields.
- Enable STIX/TAXII Integration.
- Configure the export settings:
- Click Export as STIX to push the export over the protocol in real time.