Manage all indicators of compromise (IOCs) configured from or uploaded to Cortex XDR.

In the Cortex XDR → page, you can view all indicators of compromise (IOCs) configured from or uploaded to Cortex XDR. To narrow the list of IOC rules, filter by one or more fields in the IOC rules table. You can also manage or clone existing rules.

The following table describes the fields that are available for each IOC rule, in alphabetical order.
| Field | Description |
|---|---|
| # OF HITS | The number of hits (matches) on this indicator. |
| BACKWARDS SCAN STATUS | Status of the Cortex XDR search for the first 10,000 matches when the IOC rule was created or edited. Status can be: |
| BACKWARDS SCAN TIMESTAMP | Timestamp of the Cortex XDR search for the first 10,000 matches in your Cortex XDR when the IOC rule was created or edited. |
| BACKWARDS SCAN RETRIES | Number of times Cortex XDR searched for the first 10,000 matches in your Cortex XDR when the IOC rule was created or edited. |
| CLASS | The IOC's class. For example, 'Malware'. Note: the field cannot exceed 36 characters. |
| COMMENT | Free-form comments specified when the IOC was created or modified. |
| EXPIRATION DATE | The date and time at which the IOC will be removed automatically. |
| INDICATOR | The indicator value itself. For example, if the indicator type is a destination IP address, this could be an IP address such as 1.1.1.1. |
| INSERTION DATE | Date and time when the IOC was created. |
| MODIFICATION DATE | Date and time when the IOC was last modified. |
| RELIABILITY | Indicator's reliability level: |
| REPUTATION | Indicator's reputation level. One of Unknown, Good, Bad, or Suspicious. |
| RULE ID | Unique identification number for the rule. |
| SEVERITY | IOC severity that was defined when the IOC was created. |
| SOURCE | User who created this IOC, or the file name from which it was created, or one of the following keywords: |
| STATUS | Rule status: Enabled or Disabled. |
| TYPE | Type of indicator: Full path, File name, Host name, Destination IP, MD5 hash. |
| VENDORS | A list of threat intelligence vendors from which this IOC was obtained. |