After obtaining a properly formatted Structured Threat Information Expression (STIX) file (*.xml) from a trusted external source (such as a security forum or another Deep Discovery Virtual Analyzer product), import the file to Apex Central to extract the suspicious file SHA-1, IP address, URL, and domain objects to the User-Defined Suspicious Object list. When uploading a file, you can also specify the scan action that supported Trend Micro products perform after detecting the suspicious objects.
For more information about manually adding suspicious objects to the User-Defined Suspicious Object list, see Adding Objects to the User-Defined Suspicious Object List.
Apex Central only supports uploading properly formatted STIX files that have *.xml file extensions and conform to the following STIX and CybOX releases:
Apex Central automatically extracts suspicious objects to the User-Defined Suspicious Object list when the STIX file is imported.
The Custom Intelligence screen appears.
The STIX file list appears.
The Add STIX Files screen appears.
The maximum file size for each file is 10 MB.
The total number of files uploaded at the same time cannot exceed 200 files.
You can also configure scan actions for suspicious objects on the User-Defined Suspicious Object list.
For more information, see Suspicious Object Scan Actions.
Apex Central uploads the selected STIX files and extracts suspicious objects to the User-Defined Suspicious Object list.
To download a copy of a specific file, click the link in the File Name column.
To track the file extraction status, use the Command Tracking screen.
For more information, see Command Tracking.
To view the extracted suspicious objects on a filtered view of the User-Defined Suspicious Object list, click the count in the Extracted Objects column.
To delete files, select the check box next to the File Name of at least one file and click Delete.
Deleting a file does not remove the extracted suspicious objects from the User-Defined Suspicious Object list.
You cannot delete a file until Apex Central has finished extracting suspicious objects from the file.
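A pre-upload check for the limits stated above (*.xml extension, 10 MB per file, 200 files per upload), as an added example that is not Trend Micro code. It assumes 10 MB means 10 × 1024 × 1024 bytes and tests only XML well-formedness, not conformance to the supported STIX releases; `check_stix_batch` and `demo` are hypothetical names, and the sample files are constructed.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

MAX_FILE_BYTES = 10 * 1024 * 1024   # assumption: "10 MB" read as 10 MiB
MAX_FILES_PER_UPLOAD = 200          # per-upload limit stated on the page

def check_stix_batch(paths):
    """Return {path: [problems]}; the "<batch>" key holds batch-level problems."""
    problems = {}
    if len(paths) > MAX_FILES_PER_UPLOAD:
        problems["<batch>"] = [f"{len(paths)} files exceeds the limit of {MAX_FILES_PER_UPLOAD}"]
    for path in paths:
        try:
            size = os.path.getsize(path)
        except OSError as exc:
            problems[path] = [f"unreadable: {exc.strerror}"]
            continue
        found = []
        if not path.lower().endswith(".xml"):
            found.append("extension is not .xml")
        elif size > MAX_FILE_BYTES:
            found.append(f"{size} bytes exceeds the 10 MB limit")
        else:
            try:
                ET.parse(path)      # well-formedness only, not STIX schema validation
            except ET.ParseError as exc:
                found.append(f"not well-formed XML: {exc}")
        if found:
            problems[path] = found
    return problems

def demo():
    # Constructed placeholder files, not real threat intelligence.
    samples = {
        "good.xml": b"<STIX_Package/>",
        "broken.xml": b"<STIX_Package>",
        "feed.json": b"{}",
    }
    with tempfile.TemporaryDirectory() as tmp:
        paths = []
        for name, body in samples.items():
            paths.append(os.path.join(tmp, name))
            with open(paths[-1], "wb") as fh:
                fh.write(body)
        paths.append(os.path.join(tmp, "big.xml"))
        with open(paths[-1], "wb") as fh:
            fh.truncate(MAX_FILE_BYTES + 1)   # one byte over the limit
        result = check_stix_batch(paths)
    return {os.path.basename(p): v for p, v in result.items()}
```

Files that pass every check are absent from the returned dictionary, so an empty result means the batch is within the stated limits.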