OpenIOC 檔案是包含一或多個入侵指標 (IOC) 的 XML 檔案。請確認 OpenIOC 檔案使用的指標項受所選調查類型支援。
下表列出了 Detection & Response 進階電子郵件評估支援的 OpenIOC 指標。
|
類別
|
項目
|
要求的條件
|
|
電子郵件
|
寄件人
|
IS
|
|
RECEIVEDFROMIP
|
IS
|
|
|
RECEIVEDFROMHOST
|
IS
|
|
|
收件人
|
IS
|
|
|
主旨
|
CONTAINS
|
|
|
ATTACHMENTNAME
|
IS
|
|
|
內文
|
CONTAINS
|
|
|
FILEITEM
|
FILENAME
|
IS
|
|
SHA1SUM
|
IS
|
|
|
SHA256SUM
|
IS
|
|
|
FILEEXTENSION
|
IS
|
|
|
NETWORK
|
URL
|
IS
|