Procedure

1. Go to Threat Intel → Custom Intelligence.
   The Custom Intelligence screen appears.
2. Click the STIX tab.
   The STIX file list appears.
3. (Optional) To filter the files that display in the file list, use the search box to specify a full or partial string contained in the File Name, Short Description, or Source Added By columns.
4. Click Add.
   The Add STIX Files screen appears.
5. Select STIX files (*.xml) to upload.
   1. Click Select Files....
   2. Select one or more files to upload.

      Note The maximum file size for each file is 10 MB. The total number of files uploaded at the same time cannot exceed 200 files.

   3. Click Open.
6. (Optional) Click Advanced settings to specify scan actions that supported products perform after detecting the object.

   Note You can also configure scan actions for suspicious objects on the User-Defined Suspicious Object list. For more information, see Suspicious Object Scan Actions.

7. Click Add.
   Apex Central uploads the selected STIX files and extracts suspicious objects to the User-Defined Suspicious Object list.

   • To download a copy of a specific file, click the link in the File Name column.
   • To track the file extraction status, use the Command Tracking screen.
     For more information, see Command Tracking.
   • To view the extracted suspicious objects on a filtered view of the User-Defined Suspicious Object list, click the count in the Extracted Objects column.
   • To delete files, select the check box next to the File Name of at least one file and click Delete.

     Note Deleting a file does not remove the extracted suspicious objects from the User-Defined Suspicious Object list. You cannot delete a file until Apex Central has finished extracting suspicious objects from the file.