Indicators that use operators

If the conditions in the uploaded OpenIOC file use operators to combine indicators, Trend Micro Apex Central extracts the OpenIOC indicators as suspicious objects and automatically sets the scan action according to the operator used in the OpenIOC indicator condition.

| Operator | Scan action |
|----------|-------------|
| OR | The extracted objects use the user-defined scan action |
| AND | The extracted objects always use the "Log" scan action |
Trend Micro Apex Central supports the following OpenIOC indicator conditions (IndicatorItemCondition):

- is
- contains

Suspicious object mapping

The following table lists the Trend Micro Apex Central suspicious object type that corresponds to each supported OpenIOC indicator (IndicatorItem) after extraction.
| Object type | OpenIOC indicator |
|-------------|-------------------|
| File SHA-1 | FileItem/Sha1sum |
| File SHA-1 | Taskitem/ActionList/Action/ExecProgramSha1sum |
| File SHA-1 | DriverItem/Sha1sum |
| URL | Network/URI |
| URL | FileDownloadHistoryItem/SourceURL |
| URL | UrlHistoryItem/URL |
| Domain | Network/DNS |
| Domain | DnsEntryItem/Host |
| Domain | DnsEntryItem/RecordData/Host |
| Domain | UrlHistoryItem/HostName |
| Domain | CookieHistoryItem/HostName |
| Domain | FormHistoryItem/HostName |
| IP address | ArpEntryItem/IPv4Address |
| IP address | DnsEntryItem/RecordData/IPv4Address |
| IP address | Email/ReceivedFromIP |
| IP address | PortItem/localIP |
| IP address | PortItem/remoteIP |
| IP address | ProcessItem/PortList/PortItem/localIP |
| IP address | ProcessItem/PortList/PortItem/remoteIP |
| IP address | RouteEntryItem/Destination |
| IP address | RouteEntryItem/Gateway |
| IP address | SystemInfoItem/networkArray/networkInfo/dhcpServerArray/dhcpServer |
| IP address | SystemInfoItem/networkArray/networkInfo/ipGatewayArray/ipGateway |
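The following is an added example, not Trend Micro's code, that shows how the two rules on this page (operator to scan action, and search term to suspicious object type) can be applied to an OpenIOC 1.0 file before it is uploaded, so an analyst can preview which indicators Apex Central will extract and which action each will get. The mapping table and the supported conditions come from this page; the sample IOC, its hash, host and IP values, and the "Block" user-defined action are constructed placeholders. It assumes that the operator of the nearest enclosing Indicator element decides the action, which the page does not spell out for nested indicators.

```python
"""Preview which OpenIOC IndicatorItems Apex Central would extract as suspicious
objects and which scan action each would receive (added example, not vendor code)."""
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}  # OpenIOC 1.0 namespace

# Mapping taken from the table above: OpenIOC search term -> suspicious object type.
SEARCH_TO_OBJECT_TYPE = {
    "FileItem/Sha1sum": "File SHA-1",
    "Taskitem/ActionList/Action/ExecProgramSha1sum": "File SHA-1",
    "DriverItem/Sha1sum": "File SHA-1",
    "Network/URI": "URL",
    "FileDownloadHistoryItem/SourceURL": "URL",
    "UrlHistoryItem/URL": "URL",
    "Network/DNS": "Domain",
    "DnsEntryItem/Host": "Domain",
    "DnsEntryItem/RecordData/Host": "Domain",
    "UrlHistoryItem/HostName": "Domain",
    "CookieHistoryItem/HostName": "Domain",
    "FormHistoryItem/HostName": "Domain",
    "ArpEntryItem/IPv4Address": "IP address",
    "DnsEntryItem/RecordData/IPv4Address": "IP address",
    "Email/ReceivedFromIP": "IP address",
    "PortItem/localIP": "IP address",
    "PortItem/remoteIP": "IP address",
    "ProcessItem/PortList/PortItem/localIP": "IP address",
    "ProcessItem/PortList/PortItem/remoteIP": "IP address",
    "RouteEntryItem/Destination": "IP address",
    "RouteEntryItem/Gateway": "IP address",
    "SystemInfoItem/networkArray/networkInfo/dhcpServerArray/dhcpServer": "IP address",
    "SystemInfoItem/networkArray/networkInfo/ipGatewayArray/ipGateway": "IP address",
}
SUPPORTED_CONDITIONS = {"is", "contains"}  # IndicatorItemCondition values listed above

# Constructed sample IOC: hash, hostname and IP are placeholders, not real IoCs.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-ioc-0001">
  <short_description>Constructed sample IOC</short_description>
  <definition>
    <Indicator operator="OR" id="ind-1">
      <IndicatorItem id="item-1" condition="is">
        <Context document="FileItem" search="FileItem/Sha1sum" type="mir"/>
        <Content type="sha1">da39a3ee5e6b4b0d3255bfef95601890afd80709</Content>
      </IndicatorItem>
      <IndicatorItem id="item-2" condition="contains">
        <Context document="UrlHistoryItem" search="UrlHistoryItem/HostName" type="mir"/>
        <Content type="string">malicious.example</Content>
      </IndicatorItem>
      <IndicatorItem id="item-3" condition="matches">
        <Context document="FileItem" search="FileItem/FileName" type="mir"/>
        <Content type="string">.*\\.tmp</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="ind-2">
        <IndicatorItem id="item-4" condition="is">
          <Context document="PortItem" search="PortItem/remoteIP" type="mir"/>
          <Content type="IP">192.0.2.10</Content>
        </IndicatorItem>
        <IndicatorItem id="item-5" condition="is">
          <Context document="ProcessItem" search="ProcessItem/name" type="mir"/>
          <Content type="string">svchost.exe</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""


def extract_suspicious_objects(ioc_xml, user_defined_action="Block"):
    """Return (object_type, value, scan_action, item_id) for every extractable item.

    Items whose search term is not in the mapping table, or whose condition is not
    'is'/'contains', are skipped. Assumption: the nearest enclosing <Indicator
    operator=...> decides the action (OR -> user-defined, AND -> "Log").
    """
    root = ET.fromstring(ioc_xml)
    results = []

    def walk(indicator, operator):
        for child in indicator:
            tag = child.tag.split("}")[-1]  # strip the namespace prefix
            if tag == "Indicator":
                walk(child, child.get("operator", operator).upper())
            elif tag == "IndicatorItem":
                ctx = child.find("ioc:Context", NS)
                content = child.find("ioc:Content", NS)
                if ctx is None or content is None:
                    continue
                obj_type = SEARCH_TO_OBJECT_TYPE.get(ctx.get("search", ""))
                if obj_type is None or child.get("condition") not in SUPPORTED_CONDITIONS:
                    continue  # unsupported search term or condition: not extracted
                action = "Log" if operator == "AND" else user_defined_action
                results.append((obj_type, (content.text or "").strip(), action, child.get("id")))

    definition = root.find("ioc:definition", NS)
    if definition is not None:
        for ind in definition.findall("ioc:Indicator", NS):
            walk(ind, ind.get("operator", "OR").upper())
    return results


if __name__ == "__main__":
    for obj_type, value, action, item_id in extract_suspicious_objects(SAMPLE_IOC):
        print(f"{item_id}: {obj_type} = {value} -> action {action}")
```

Running the block prints three objects: the SHA-1 and hostname under the OR indicator receive the user-defined action, the remote IP under the nested AND indicator is forced to "Log", and the two items with an unmapped search term (FileItem/FileName, ProcessItem/name) or an unsupported condition ("matches") are dropped, which is exactly what to expect when the file is uploaded.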
