Block malicious file indicator identified by Threat Extraction Endpoint Security

This topic describes an automation that adds a malicious file indicator identified by Threat Extraction Endpoint Security to an IOC feed to enhance threat intelligence and response.

This automation adds the malicious file indicator identified by Threat Extraction Endpoint Security as an indicator to an IOC feed, updating threat intelligence and enhancing security response.

Supported Product

  • Endpoint Security

  • IoC Management

Parameters

Expiration in days (0 means no expiration)

Set the expiration period for the automation.

Trigger

Matching malicious file indicator identified by Threat Extraction Endpoint Security with high confidence.

To view the example of this log, click ../running-automation/running-the-automation.dita.

Flow