ioc_search

Description

After you configure Custom Intelligence Feeds (Indicators of Compromise, IoC) as described in sk132193, you can use this command to check if an observable from external IoC feeds was loaded correctly. This command shows the components that are related to the specific observable type.

In addition, see:

Important:

  • You must run this command in the Expert mode.

  • In a Cluster, you must configure all the Cluster Members in the same way.

  • On Scalable Platforms (ElasticXL, Maestro, and Chassis), you must connect to the Gaia Portal of the applicable Security Group.

Syntax

ioc_search {ip | hash | snort | mail | url | domain} <Value>
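
The syntax above takes one observable per call, so spot-checking a feed means picking the right type keyword for every value. The following is an added example, not Check Point code: the names ioc_type, ioc_check and IOC_RUN and the classification patterns (including the 32/40/64 hex-digit hash lengths) are assumptions of this example, snort observables are not auto-detected, and the output of ioc_search is shown as-is because this page does not describe it.

```shell
#!/bin/sh
# Added example: choose the ioc_search type keyword for each observable in a
# list and print (or run) the matching command. Patterns are assumptions.
RE_OCT='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
RE_IP="^(${RE_OCT}\\.){3}${RE_OCT}\$"
RE_HASH='^([0-9A-Fa-f]{32}|[0-9A-Fa-f]{40}|[0-9A-Fa-f]{64})$'
RE_URL='^[A-Za-z][A-Za-z0-9+.-]*://[^[:space:]]+$'
RE_MAIL='^[^@[:space:]]+@[^@[:space:]]+\.[A-Za-z]{2,}$'
RE_DOMAIN='^([A-Za-z0-9]([A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$'

# True when value $1 matches extended regex $2.
_ioc_match() { printf '%s\n' "$1" | grep -Eq -- "$2"; }

# Print the type keyword for one observable; return 1 if none fits.
ioc_type() {
    if   _ioc_match "$1" "$RE_IP";     then echo ip
    elif _ioc_match "$1" "$RE_HASH";   then echo hash
    elif _ioc_match "$1" "$RE_URL";    then echo url
    elif _ioc_match "$1" "$RE_MAIL";   then echo mail
    elif _ioc_match "$1" "$RE_DOMAIN"; then echo domain
    else return 1
    fi
}

# Read one observable per line from stdin. By default only print the command;
# with IOC_RUN=1 (Expert mode on the gateway) run it. Blank lines and lines
# starting with '#' are skipped. Returns 1 if any line could not be classified.
ioc_check() {
    ioc_rc=0
    while IFS= read -r obs || [ -n "$obs" ]; do
        obs=$(printf '%s' "$obs" | tr -d '\r')      # tolerate CRLF feed files
        case $obs in ''|'#'*) continue ;; esac
        if ioc_t=$(ioc_type "$obs"); then
            if [ "${IOC_RUN:-0}" = 1 ]; then
                ioc_search "$ioc_t" "$obs" </dev/null   # keep loop input intact
            else
                printf 'ioc_search %s %s\n' "$ioc_t" "$obs"
            fi
        else
            printf 'skipped, unknown type: %s\n' "$obs" >&2
            ioc_rc=1
        fi
    done
    return "$ioc_rc"
}

# Usage: sh this_script.sh sample_observables.txt
if [ "$#" -gt 0 ]; then ioc_check < "$1"; fi
```

Review the printed commands first, then set IOC_RUN=1 to run them and read each result against what the feed is expected to contain.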