You can populate criteria for advanced endpoint assessments using OpenIOC files. Advanced endpoint assessments using OpenIOC files have a data period of up to the past 30 days.
Note
You must configure and upload OpenIOC files to Remote Manager.
For a list of supported OpenIOC indicator types, see Supported OpenIOC Indicators for Advanced Endpoint Assessments.

Procedure

  1. Click Detection & Response > Assessments.
  2. Expand Create Assessment, and select Advanced and Endpoints.
  3. To use OpenIOC criteria, select OpenIOC file.
  4. To upload a new OpenIOC file:
    1. Click Upload OpenIOC File.
    2. Locate the OpenIOC file.
    3. Click Open.
  5. To use a previously uploaded OpenIOC file:
    1. Click Use Existing OpenIOC File.
    2. Select the OpenIOC file from the list.
    3. Click Apply.
  6. Review the preview of the OpenIOC definitions.
    Definitions containing unsupported indicators are crossed out and omitted from the assessment.
  7. Enter a task name or use the generated task name.
  8. Select the data period.
    • Last 24 hours
    • Last 7 days
    • Last 30 days (default)
  9. Click Select Customers, then choose the customers to include in the assessment.
    Only customers with EDR or XDR licenses are available for selection.
  10. Click Assess Impact.
You can monitor the status of the assessment task in Administration > Administration logs.
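
Because step 6 omits definitions that contain unsupported indicators, it helps to know before upload which items in a file will survive. The following is an added example, not the product's own code: it lists every IndicatorItem in an OpenIOC file and splits them by an allow-list. `SUPPORTED_TERMS`, `review_ioc`, and the sample file are assumptions; fill the set from the supported-indicators list referenced above.

```python
import xml.etree.ElementTree as ET

# Assumption: placeholder allow-list; fill from the vendor's supported-indicators list.
SUPPORTED_TERMS = {"FileItem/Md5sum", "FileItem/FileName"}

# Constructed sample OpenIOC document (id, hash and names are made up).
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="00000000-0000-0000-0000-000000000000">
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">00000000000000000000000000000000</Content>
      </IndicatorItem>
      <Indicator operator="AND">
        <IndicatorItem condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">sample.exe</Content>
        </IndicatorItem>
        <IndicatorItem condition="contains">
          <Context document="RegistryItem" search="RegistryItem/Path" type="mir"/>
          <Content type="string">ExampleKey</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""


def local(tag):
    """Strip the XML namespace so matching does not depend on the schema URI."""
    return tag.rsplit("}", 1)[-1]


def review_ioc(xml_text, supported=SUPPORTED_TERMS):
    """Return (kept, omitted) lists of (search term, condition, value) tuples."""
    kept, omitted = [], []
    for item in ET.fromstring(xml_text).iter():
        if local(item.tag) != "IndicatorItem":
            continue
        parts = {local(child.tag): child for child in item}
        ctx = parts.get("Context")
        term = None if ctx is None else ctx.get("search")
        value = getattr(parts.get("Content"), "text", None) or ""
        row = (term, item.get("condition"), value.strip())
        (kept if term in supported else omitted).append(row)
    return kept, omitted


if __name__ == "__main__":
    print(review_ioc(SAMPLE_IOC))
```

Items in the second list are the ones to expect crossed out in the preview, assuming the allow-list matches the supported-indicators list.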