Importing Objects From STIX

Procedure

1. Go to Threat Intelligence → Custom Intelligence → STIX.
   The STIX screen appears.
2. Click Import.
   The Import Objects From STIX dialog appears.
3. Click Select to locate a STIX file to import.
4. (Optional) Type a description for this STIX file.
5. Click Import.

   Note Only IP addresses, domains, URLs, file SHA-1 hash values, and file SHA-256 hash values will be added to the User-Defined Suspicious Objects list. When using STIX 1.x, only Indicators whose Confidence is not Medium, Low, None, or Unknown will be added to the User-Defined Suspicious Objects list. When using STIX 2.0, only "indicator" type objects that are not labeled as "anomalous-activity", "anonymization", "benign", or "compromised", and that are not revoked will be added to the User-Defined Suspicious Objects list. When using STIX 2.1, only "indicator" type objects that are not labeled as "anomalous-activity", "anonymization", "benign", "compromised", or "unknown", and that are not revoked will be added to the User-Defined Suspicious Objects list. The STIX file and object information can be shared as part of threat intelligence.

   The objects appear in the User-Defined Suspicious Objects list. Registered appliances receive the updated User-Defined Suspicious Objects list during the next synchronization.