Views:

You can directly add suspicious objects or import suspicious objects contained in CSV, OpenIOC, and STIX files to the Suspicious Object List.

TrendAI Vision One™ can extract suspicious domains, file SHA-1, file SHA-256, IP addresses, sender addresses, and URL objects from imported files.

Procedure

  1. Go to Threat IntelligenceSuspicious Object Management.
  2. Click Add.
  3. Select the Method.
    • Wildcards (*) are not supported for domains, URLs, sender addresses, or CIDR IP addresses.
    • The maximum file size for import is 1 MB.
    • Each CSV or OpenIOC file can contain a maximum of 2,000 objects.
    • For STIX files, only versions 2.0 and 2.1 are supported.
  4. Select a risk level.
  5. Specify the actions that connected products apply after detecting the object.
  6. Select an expiration option.
  7. Type a description.
  8. Click Submit.
Connected products receive the new object information from TrendAI Vision One™ during the next synchronization.