Services Config View - Indicators of Compromise Tab
This topic introduces the features and functions available in the Service Config view > Indicators of Compromise tab, which applies to the Malware Analysis service. This tab provides a way to configure the way each of the four scoring modules uses the available rules to score data.
Workflow
What do you want to do?
| Role | I Want to... | Show me how |
|---|---|---|
| Administrator | Configure General Malware Analysis Settings | Configure General Malware Analysis Settings |
| Administrator | Configure Indicators of Compromise* | Configure Indicators of Compromise |
|
Administrator |
Configure Auditing on Malware Analysis Host |
|
| Administrator | Configure Hash Filter | (Optional) Configure Hash Filter |
|
Administrator |
Configure Installed Anti virus Vendor |
|
| Administrator | Configure Malware Analysis Proxy Settings | (Optional) Configure Malware Analysis Proxy Settings |
|
Administrator |
Register a TreadGRID API Key |
|
| Administrator | Enable Community Analysis | Enable Community Analysis |
*You can perform this task in the current view
Related topic
Quick Look
This is an example of the Indicators of Compromise tab.
| 1 | Displays the Indicators of Compromise Tab. |
Features
The Indicators of Compromise tab consists of a toolbar and page-able grid.
This table describes the features of the grid.
| Feature | Description |
|---|---|
| Module selection list | Selects the scoring module for which you want to view the Indicators of Compromise: All, Network, Static, Community, Sandbox, or Yara. |
| Search field | Type text for which you are searching in the Description field. |
| Search option | Filters the grid to display only Descriptions that match the Description search term. |
| Enable All option | Click to enable all rules for the scoring module, as opposed to enabling all rules on the page using the checkbox. |
| Enable option | Click to enable selected rules. |
| Disable All option | Click to disable all rules for the scoring module, as opposed to disabling all rules on the page using the checkbox. |
| Disable option | Click to disable selected rules. |
| Reset All option | Click to reset all rows on the page to their default values. |
| Reset option | Click to reset selected rows to their default values. |
| Save option | Click to save changes you made on this page. If you leave the page without saving, the changes are lost. The description of each row with unsaved changes has a red corner. |
This table describes the features of the toolbar.
| Column | Description |
|---|---|
| Selection checkbox | Checkboxes for selecting individual rows or all rows on the page. |
| Enabled checkbox | If the indicator of compromise is enabled, Malware Analysis uses the rule for scoring session data. |
| High Confidence checkbox | If checked, Malware Analysis treats the rule as one very likely to indicate the presence of malware, and an event that triggers that rule is marked in the results grid. |
| Description | Describes the Indicator of Compromise. |
| Score | Specifies the score that you want to factor in to the total score for any event that triggers the rule. The default score is displayed and you can raise or lower the score by dragging the slider or typing a number in the score box. |
| File Type | Displays the file types to which the rule applies. Possible values are ALL, PDF, MS Office, and Windows PE. |
