Modifying the Configuration File

To change the default configuration settings of the Suspicious Object List Importer, go to the <Control Manager installation directory>\SOTools directory and modify the SuspiciousObjectExporter.exe.config file.

Tip:

Trend Micro recommends creating a backup file of the configuration file before making any modifications.

Key / Description / Example

outputRootFolderPath

Location: <appSettings>

Indicates the working directory for the SuspiciousObjectExporter.exe tool

  • <add key="outputRootFolderPath" value="."/>

    The tool uses the directory in which the SuspiciousObjectExporter.exe program resides to process the lists

  • <add key="outputRootFolderPath" value="C:\Program Files (x86)\Trend Micro\Control Manager"/>

    The tool uses the specified directory (C:\Program Files (x86)\Trend Micro\Control Manager) to process the lists

outputFolderName

Location: <appSettings>

Indicates the output directory for the exported Suspicious Object list file

  • <add key="outputFolderName" value="SOTools"/>

    Exports the file to the <outputRootFolderPath>\SOTools directory

  • <add key="outputFolderName" value="SOList"/>

    Exports the file to the <outputRootFolderPath>\SOList directory

styleSheetFile

Location: <appSettings>

Indicates the style sheet that the tool applies to the exported list

  • <add key="styleSheetFile" value=""/>

    Exports all lists in XML format to a *.txt or *.xml file as specified by the outputFile key

  • <add key="styleSheetFile" value="ExportCSV.xslt"/>

    Used to export the Virtual Analyzer Suspicious Object list, User-Defined Suspicious Object list, or Exception list with a limited subset of columns in CSV format

    Important:

    After selecting the ExportCSV.xslt style sheet, you can no longer configure which columns the tool exports. The tool only exports the columns specified in the style sheet.

  • <add key="styleSheetFile" value="ExportSTIX.xslt"/>

    Used to export all Suspicious Object lists in STIX format

  • <add key="styleSheetFile" value="ExportCPL.xslt"/>

    Used to export all Suspicious Object lists in CPL format

Important:

If you specify a style sheet, you must set the defaultSampleTemplates key to the same value.

outputFile

Location: <appSettings>

Indicates the file name and extension of the exported Suspicious Object list file

Specify a new file extension to change the output file format

  • <add key="outputFile" value="SuspiciousObjectList.xml"/>

    Exports the Suspicious Object list as an *.xml file named SuspiciousObjectList.xml

  • <add key="outputFile" value="SuspiciousObjectList.txt"/>

    Exports the Suspicious Object list as a *.txt file named SuspiciousObjectList.txt

defaultSampleTemplates

Location: <appSettings>

Indicates the source file for the style sheet that the tool applies to the exported list

  • <add key="defaultSampleTemplates" value="ExportCSV.xslt"/>

    Locates the specified style sheet file

Important:

The specified value must match the value specified for the styleSheetFile or defaultSampleTemplates key.

Note:

The default value is "ExportCPL.xslt|ExportSTIX.xslt|ExportCSV.xslt".

<suspiciousObjectColumns>

Location: <soDataColumnSettings>

Indicates the data columns on the selected list

Set isEnable="true" to export the specified data column

  • <add id="1" name="SeqID" isEnable="true"></add>

    Exports the "SeqID" data column from the selected list

  • <add id="1" name="MD5Key" isEnable="false"></add>

    Explicitly excludes the "MD5Key" data column from the selected list

Important:

If you specified the ExportCSV.xslt style sheet, the tool only exports the columns specified in the style sheet.

<suspiciousObjectTypeList>

Location: <soTypeSettings>

Indicates the types of objects to export from the selected list

Set isEnable="true" to export the specified object type

  • <add value="0" description="IP" isEnable="true"></add>

    Exports all IP address type objects from the selected list

  • <add value="1" description="Domain" isEnable="false"></add>

    Explicitly excludes all "Domain" objects from the exported list

<suspiciousObjectSourceType>

Location: <soTypeSettings>

Indicates the suspicious object source type

Set isEnable="true" to export the specified object type

  • <add value="0" description="SourceType" isEnable="true"/>

    Selects the Virtual Analyzer Suspicious Object list

  • <add value="1" description="SourceType" isEnable="true"/>

    Selects the User-Defined Suspicious Object list

  • <add value="2" description="SourceType" isEnable="true"/>

    Selects the Virtual Analyzer Exception list

Important:

  • If you specified the ExportCSV.xslt style sheet and select the Virtual Analyzer Suspicious Object list or the User-Defined Suspicious Object list, the tool exports the following columns: Object, Type, Scan Prefilter, Notes and Scan Action.

  • If you specified the ExportCSV.xslt style sheet and select the Virtual Analyzer Exception list, the tool exports the following columns: Object, Type, Scan Prefilter, and Notes.
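The following pre-change check is an added example, not part of the Trend Micro documentation or tooling. It reads a copy of the configuration and reports violations of the rules above (a selected style sheet requires a matching defaultSampleTemplates value; column settings have no effect with ExportCSV.xslt) along with what the tool would export. The sample file content, its nesting under <configuration>, and the function names are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample; the nesting under <configuration> is an assumption.
SAMPLE = """<configuration>
  <appSettings>
    <add key="outputRootFolderPath" value="."/>
    <add key="outputFolderName" value="SOList"/>
    <add key="styleSheetFile" value="ExportCSV.xslt"/>
    <add key="outputFile" value="SuspiciousObjectList.txt"/>
    <add key="defaultSampleTemplates" value="ExportCPL.xslt|ExportSTIX.xslt|ExportCSV.xslt"/>
  </appSettings>
  <soDataColumnSettings><suspiciousObjectColumns>
    <add id="1" name="SeqID" isEnable="true"></add>
  </suspiciousObjectColumns></soDataColumnSettings>
  <soTypeSettings>
    <suspiciousObjectTypeList>
      <add value="0" description="IP" isEnable="true"></add>
      <add value="1" description="Domain" isEnable="false"></add>
    </suspiciousObjectTypeList>
    <suspiciousObjectSourceType>
      <add value="2" description="SourceType" isEnable="true"/>
    </suspiciousObjectSourceType>
  </soTypeSettings>
</configuration>"""

# Source type values as listed on this page.
SOURCES = {"0": "Virtual Analyzer Suspicious Object list",
           "1": "User-Defined Suspicious Object list",
           "2": "Virtual Analyzer Exception list"}

def enabled(root, section, attr):
    """Return `attr` of every <add> under `section` that has isEnable="true"."""
    return [e.get(attr) for e in root.iterfind(".//" + section + "/add")
            if e.get("isEnable", "").lower() == "true"]

def review(xml_text):
    root = ET.fromstring(xml_text)
    app = {e.get("key"): e.get("value", "") for e in root.iterfind("appSettings/add")}
    sheet, findings = app.get("styleSheetFile", ""), []
    if sheet and app.get("defaultSampleTemplates") != sheet:
        findings.append("defaultSampleTemplates must be set to " + sheet)
    if sheet == "ExportCSV.xslt" and enabled(root, "suspiciousObjectColumns", "name"):
        findings.append("column settings are ignored with ExportCSV.xslt")
    parts = [app.get(k, "") for k in ("outputRootFolderPath", "outputFolderName", "outputFile")]
    summary = {"target": "\\".join(parts),
               "types": enabled(root, "suspiciousObjectTypeList", "description"),
               "sources": [SOURCES.get(v, v) for v in enabled(root, "suspiciousObjectSourceType", "value")]}
    return findings, summary
```

Run review() against a copy of SuspiciousObjectExporter.exe.config before and after editing; an empty findings list means the style sheet rules on this page are satisfied.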