IOC Management

IoC stands for Indicator of Compromise. Indicators arrive from various sources, such as the Internet, personal research and so on. Such indicators are not detected by default, so you block them manually.

For example, if a user receives an indication that a particular URL is malicious, the user can contact their System Administrator to block access to this URL. The System Administrator tags this URL as an Indicator of Compromise (IoC), and the policy is enforced on all the endpoints through the Harmony Endpoint client or the browser extension.

Notes:

To configure an IoC:

  1. In Infinity Portal, go to Policy > Threat Prevention.

  2. In the toolbar, select Manage IoC. There is no need to install the policy.

  3. In the table that appears, manually add new Indicators of Compromise by type:

     IoC Type     Example
     Domain       checkpoint.com
     IP Address   192.168.1.1
     URL          checkpoint.com/test.htm
     MD5 Hash     2eb040283b008eee17aa2988ece13152
     SHA1 Hash    510ce67048d3e7ec864471831925f12e79b4d70f

    Note - The browser extension supports all the IoC types except Domain.

  4. Hover over the icon next to Type to view the capabilities required for each type.

  5. The user can also upload their own manually created CSV list of indicators.

  6. To verify, on the endpoint, access the IoC (for example, a URL). The system blocks access to the IoC.
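An added, illustrative pre-upload check that is not part of Check Point's product or this page: a small Python script that sorts candidate indicators into the five IoC types above, rejects values that fit none of them, and flags Domain entries that the browser extension will not enforce. The hex-length and hostname rules, the sample list and the report layout are assumptions of this example; the CSV format the portal accepts is not described on this page.

```python
import ipaddress
import re
from urllib.parse import urlparse

BROWSER_EXTENSION_UNSUPPORTED = {"Domain"}  # the one IoC type the browser extension does not enforce
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")  # MD5 = 32 hex chars, SHA1 = 40
# Hostname: dot-separated labels of 1-63 chars with no leading or trailing hyphen (assumed rule).
DOMAIN_RE = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))+$")

def _is_ip(value):
    try:
        return bool(ipaddress.ip_address(value))
    except ValueError:
        return False

def classify_ioc(value):
    """Return the IoC type a value would be entered under, or None if it fits none of the five."""
    v = value.strip()
    if HEX_RE.match(v) and len(v) in (32, 40):
        return "MD5 Hash" if len(v) == 32 else "SHA1 Hash"
    if _is_ip(v):
        return "IP Address"
    if DOMAIN_RE.match(v):
        return "Domain"
    # Anything left must look like a URL: a scheme, or a host followed by a path or query.
    try:
        parsed = urlparse(v if "://" in v else "http://" + v)
        host = parsed.hostname or ""
    except ValueError:  # e.g. unbalanced IPv6 brackets in the host part
        return None
    if (DOMAIN_RE.match(host) or _is_ip(host)) and ("://" in v or parsed.path or parsed.query):
        return "URL"
    return None

def check_ioc_list(values):
    report = {"by_type": {}, "unrecognized": [], "not_in_browser_extension": []}
    for raw in values:
        v, t = raw.strip(), classify_ioc(raw)
        if t is None:
            report["unrecognized"].append(v)
        else:
            report["by_type"].setdefault(t, []).append(v)
            if t in BROWSER_EXTENSION_UNSUPPORTED:
                report["not_in_browser_extension"].append(v)
    return report

# Constructed input: the page's own examples plus two malformed lines that must be rejected.
SAMPLE_IOCS = ["checkpoint.com", "192.168.1.1", "checkpoint.com/test.htm",
               "2eb040283b008eee17aa2988ece13152", "510ce67048d3e7ec864471831925f12e79b4d70f",
               "2eb040283b008eee17aa2988ece1315", "not an indicator"]
```

Run `check_ioc_list(SAMPLE_IOCS)` to get the grouped report; anything under `unrecognized` would be rejected by the script before it reaches the portal, and `not_in_browser_extension` lists the entries only the Harmony Endpoint client can enforce.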