Introduction
Maltiverse’s IoC (Indicators of Compromise) upload feature in the front end allows users to conveniently upload and manage IoCs directly through the platform. This feature streamlines the process of parsing IoCs from raw text, associating them with relevant metadata, and storing them in a private database accessible only to the Enterprise Customer. The uploaded IoCs can then be utilized through threat intelligence feeds or accessed via API.
How to Use the IoC Upload Feature
1. Accessing the IoC Upload Form
To use the IoC upload feature, navigate to the Maltiverse platform and locate the Upload Indicators section in the menu. This section provides an input text box where you can paste any text.
2. Pasting IoCs
Copy and paste the IoCs you want to upload into the designated text input form. Maltiverse will automatically parse the input and identify the IoCs within the provided text; the identified IoCs then appear in the Indicators draft.
3. Complete Information
After parsing the IoCs, Maltiverse will prompt you to enter metadata associated with each IoC. The following metadata options are available:
- Blacklist Description: Describe any information related to blacklists associated with the IoCs.
- Classification: Choose a classification for each IoC, such as “Malicious,” “Suspicious,” “Neutral,” or “Whitelist.”
- Mitre Attack Threat Actor: Specify any Mitre Attack Threat Actor relevant to the IoCs.
- Tags: Add any additional tags that can help categorize and identify the uploaded IoCs.
4. Review and Confirmation
Review the parsed IoCs along with their associated metadata. Ensure that all relevant information has been entered accurately. Once satisfied with the IoCs and metadata, click the “Publish Indicators” button. This action will upload the IoCs and their associated metadata to a private database accessible only to you as the customer.
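To have an independent list to compare the Indicators draft against during review, the same raw text can be parsed locally first. The Python code below is an added example, not Maltiverse's parser or code from this documentation; the regular expressions, the `refang` and `extract_iocs` names, and the sample text are assumptions constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample text; hosts and addresses use reserved documentation ranges.
SAMPLE = (
    "Beacon to hxxp://update.example[.]com/gate.php from 198.51.100[.]23.\n"
    "Second-stage host: cdn.example.net (also 198.51.100.23, 999.1.1.1).\n"
    "Dropper SHA-256: " + "ab" * 32 + "\n"
    "MD5 of config: " + "0f" * 16 + "\n"
)

URL_RE = re.compile(r"\bhttps?://[^\s\"'<>]+", re.I)
IP_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?!\d|\.\d)")
DOMAIN_RE = re.compile(r"\b(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,24}\b", re.I)
HASH_RE = re.compile(r"\b[0-9a-f]{32,64}\b", re.I)
HASH_TYPE = {32: "md5", 40: "sha1", 64: "sha256"}

def refang(text):
    """Undo common defanging ([.] and hxxp) so values take their canonical form."""
    text = re.sub(r"\[\.\]|\(\.\)|\[dot\]", ".", text, flags=re.I)
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text, flags=re.I)

def _add_host(found, host):
    """File a host under 'ip' if it parses as an address, else under 'domain'."""
    try:
        found["ip"].add(str(ipaddress.ip_address(host)))
    except ValueError:
        if DOMAIN_RE.fullmatch(host):
            found["domain"].add(host.lower())

def extract_iocs(raw):
    """Return {type: sorted unique values} for the indicators found in raw text."""
    text = refang(raw)
    found = {k: set() for k in ("url", "domain", "ip", "md5", "sha1", "sha256")}
    for match in URL_RE.findall(text):
        url = match.rstrip(".,;)")
        found["url"].add(url)
        _add_host(found, urlsplit(url).hostname or "")
    # Remove URLs first so path parts such as "gate.php" are not read as domains.
    rest = URL_RE.sub(" ", text)
    for candidate in IP_RE.findall(rest):
        _add_host(found, candidate)  # out-of-range octets (999.1.1.1) are dropped
    for domain in DOMAIN_RE.findall(rest):
        found["domain"].add(domain.lower())
    for digest in HASH_RE.findall(rest):
        if len(digest) in HASH_TYPE:
            found[HASH_TYPE[len(digest)]].add(digest.lower())
    return {kind: sorted(values) for kind, values in found.items()}

if __name__ == "__main__":
    for kind, values in extract_iocs(SAMPLE).items():
        print(kind, values)
```

The domain pattern is a heuristic and will also match file names such as `config.dll` in free text, so treat differences between this list and the Indicators draft as items to inspect rather than as errors on either side.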
Accessing Uploaded IoCs
1. Threat Intelligence Feed
The uploaded IoCs are accessible through the Maltiverse search.
2. API Integration
For more advanced users and automated processes, Maltiverse provides an API that allows you to programmatically access and consume the uploaded IoCs. Once published, the IoCs are ready to be queried through the corresponding API endpoints.
Conclusion
Maltiverse’s IoC Upload Feature offers a seamless and user-friendly solution for importing IoCs into the platform, associating them with relevant metadata, and storing them securely in a private database. By utilizing the threat intelligence feed and API integration, users can enhance their cybersecurity efforts and stay informed about potential threats in real time.