Views:

The User-Defined Suspicious Object allows users to manually add the file hashes (SHA-1 or SHA-2) or paths of new IOC (Indicators of Compromise) into the blocked-file list, which prevents all managed endpoints from being infected by the malicious files.

  1. Click the Agents tab in the top navigation bar of the StellarOne web console.
  2. Click the All group on the Agents screen. The Agents screen displays a list of agents managed by StellarOne.
  3. Navigate to the target agent or group and click its corresponding Policy Inheritance link.
  4. Scroll down and find the User-Defined Suspicious Object at the right side of the screen.
  5. Click Add. The Add Item to User-Defined Suspicious Objects window appears.
  6. Select Hash or File Patch as the suspicious file type.
  7. Specify the file hash or path in the corresponding text field.
  8. (Optional) Specify notes in the Notes text field.
  9. Click OK to complete this task.
Parent topic: Policy Management