An OpenIOC file is an XML file that contains one or more Indicators of Compromise (IOCs). Before using one, verify that every indicator in the file uses an indicator term, and the condition for that term, supported by the type of investigation you selected.
The table below lists the OpenIOC indicator terms supported for Detection & Response advanced email assessments, grouped by category, together with the condition each term must use.
Category | Item | Required Condition
EMAIL | FROM | IS
EMAIL | RECEIVEDFROMIP | IS
EMAIL | RECEIVEDFROMHOST | IS
EMAIL | TO | IS
EMAIL | SUBJECT | CONTAINS
EMAIL | ATTACHMENTNAME | IS
EMAIL | BODY | CONTAINS
FILEITEM | FILENAME | IS
FILEITEM | SHA1SUM | IS
FILEITEM | SHA256SUM | IS
FILEITEM | FILEEXTENSION | IS
NETWORK | URL | IS
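The following is an added example of a pre-upload check for the rule above, not code from the product or its documentation. It parses an OpenIOC 1.0 file and reports every IndicatorItem whose term is not in the table or whose condition differs from the required one. It assumes that the term is carried in the Context element's search attribute as "Category/Item" (for example "Email/From") and that term and condition names can be compared case-insensitively against the uppercase table entries; the sample IOC embedded in the script is constructed for the example.

```python
"""Check every IndicatorItem in an OpenIOC 1.0 file against the supported
term/condition table. Added example; assumptions: Context/@search holds
"Category/Item", and names are compared case-insensitively."""
import xml.etree.ElementTree as ET

IOC_NS = "http://schemas.mandiant.com/2010/ioc"   # OpenIOC 1.0 namespace
NS = {"ioc": IOC_NS}

# (CATEGORY, ITEM) -> required condition, transcribed from the table.
SUPPORTED = {
    ("EMAIL", "FROM"): "IS",
    ("EMAIL", "RECEIVEDFROMIP"): "IS",
    ("EMAIL", "RECEIVEDFROMHOST"): "IS",
    ("EMAIL", "TO"): "IS",
    ("EMAIL", "SUBJECT"): "CONTAINS",
    ("EMAIL", "ATTACHMENTNAME"): "IS",
    ("EMAIL", "BODY"): "CONTAINS",
    ("FILEITEM", "FILENAME"): "IS",
    ("FILEITEM", "SHA1SUM"): "IS",
    ("FILEITEM", "SHA256SUM"): "IS",
    ("FILEITEM", "FILEEXTENSION"): "IS",
    ("NETWORK", "URL"): "IS",
}


def _term(search):
    """Split a "Category/Item" search string into (CATEGORY, ITEM)."""
    category, _, item = search.partition("/")
    return category.strip().upper(), item.strip().upper()


def validate_openioc(xml_text):
    """Return a list of problem strings; an empty list means the file passes.

    Treat uploaded IOC files as untrusted: stdlib ElementTree does not fetch
    external entities, but for hostile XML prefer defusedxml.
    """
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if root.tag != f"{{{IOC_NS}}}ioc":
        return [f"root element is {root.tag}, expected OpenIOC <ioc>"]

    problems = []
    items = root.findall(".//ioc:IndicatorItem", NS)
    if not items:
        problems.append("no IndicatorItem elements found")
    for item in items:
        iid = item.get("id", "<no id>")
        context = item.find("ioc:Context", NS)
        content = item.find("ioc:Content", NS)
        if context is None or content is None or not (content.text or "").strip():
            problems.append(f"{iid}: missing Context or empty Content")
            continue
        term = _term(context.get("search", ""))
        condition = (item.get("condition") or "").upper()
        required = SUPPORTED.get(term)
        if required is None:
            problems.append(f"{iid}: unsupported term {term[0]}/{term[1]}")
        elif condition != required:
            problems.append(
                f"{iid}: {term[0]}/{term[1]} requires condition {required}, "
                f"got {condition or 'none'}"
            )
    return problems


# Constructed sample IOC (not from the page): three supported items, one
# unsupported term (FileItem/Md5sum) and one wrong condition (Email/Body "is").
SAMPLE_IOC = f"""<ioc xmlns="{IOC_NS}" id="example-1" last-modified="2024-01-01T00:00:00">
  <short_description>Constructed example</short_description>
  <definition>
    <Indicator operator="OR" id="ind-1">
      <IndicatorItem id="item-1" condition="is">
        <Context document="Email" search="Email/From" type="mir"/>
        <Content type="string">billing@example.invalid</Content>
      </IndicatorItem>
      <IndicatorItem id="item-2" condition="contains">
        <Context document="Email" search="Email/Subject" type="mir"/>
        <Content type="string">Overdue invoice</Content>
      </IndicatorItem>
      <IndicatorItem id="item-3" condition="is">
        <Context document="Network" search="Network/URL" type="mir"/>
        <Content type="string">http://example.invalid/pay.php</Content>
      </IndicatorItem>
      <IndicatorItem id="item-4" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">{'0' * 32}</Content>
      </IndicatorItem>
      <IndicatorItem id="item-5" condition="is">
        <Context document="Email" search="Email/Body" type="mir"/>
        <Content type="string">click here to pay</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>
"""

if __name__ == "__main__":
    for line in validate_openioc(SAMPLE_IOC) or ["OK: all indicator items supported"]:
        print(line)
```

Run against the embedded sample, the script flags item-4 (MD5 is not in the table, only SHA-1 and SHA-256) and item-5 (BODY requires CONTAINS, not IS) and accepts the other three. The mapping from the Context search attribute to the table's Category/Item is the assumption that matters most; confirm the exact search strings your IOC authoring tool emits before relying on the check.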