Indicators of Compromise (IOCs) in WatchGuard Advanced EPDR

Applies To: WatchGuard Advanced EPDR

Indicators of Compromise (IOCs) are an industry-standard way to describe conditions on IT systems which, if met, indicate that the security of an organization could be compromised.

You can use shared IOCs to detect new malware. Structured Threat Information Expression (STIX) is the language and serialization format used to exchange cyber threat intelligence (CTI) in IOCs. STIX enables organizations to share CTI with one another in a consistent, machine-readable manner, so that security communities can better understand which computer-based attacks they are most likely to see and can anticipate and respond to those attacks faster and more effectively. It is open source and free.
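The following is an added example and is not WatchGuard code or part of this documentation. It shows what a STIX 2.1 Indicator object looks like when serialized as JSON, and it runs a toy matcher over a few constructed observations to illustrate how an IOC search task turns a shared pattern into hits. The SHA-256 value and the domain are constructed placeholders, and the matcher supports only single observation expressions made of equality comparisons joined by AND or OR, which is a small subset of STIX patterning.

```python
import json
import re
import uuid
from datetime import datetime, timezone

# Constructed placeholder IOC values (not real indicators from the page).
SAMPLE_SHA256 = "a" * 64
SAMPLE_DOMAIN = "malicious.example"

# One STIX pattern that matches either the file hash or the domain.
SAMPLE_PATTERN = (
    f"[file:hashes.'SHA-256' = '{SAMPLE_SHA256}' "
    f"OR domain-name:value = '{SAMPLE_DOMAIN}']"
)


def make_indicator(name, pattern, valid_from=None):
    """Build a minimal STIX 2.1 Indicator SDO as a plain dict."""
    ts = (valid_from or datetime.now(timezone.utc)).strftime("%Y-%m-%dT%H:%M:%S.000Z")
    return {
        "type": "indicator",
        "spec_version": "2.1",
        "id": f"indicator--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "indicator_types": ["malicious-activity"],
        "pattern_type": "stix",
        "pattern": pattern,
        "valid_from": ts,
    }


def make_bundle(objects):
    """Wrap STIX objects in a bundle, the unit usually exchanged between parties."""
    return {"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}


# Matches `<object-type>:<property path> = '<value>'`; the property path may
# contain quoted keys such as hashes.'SHA-256'.
_COMPARISON = re.compile(r"([\w\-]+:[\w\-]+(?:\.(?:[\w\-]+|'[^']+'))*)\s*=\s*'([^']*)'")


def parse_pattern(pattern):
    """Return (operator, [(path, value), ...]) for a single observation expression."""
    body = pattern.strip()
    if not (body.startswith("[") and body.endswith("]")):
        raise ValueError("only a single [ ... ] observation expression is supported")
    body = body[1:-1]
    if " AND " in body and " OR " in body:
        raise ValueError("mixed AND/OR is not supported by this toy matcher")
    op = "AND" if " AND " in body else "OR"
    comparisons = _COMPARISON.findall(body)
    if not comparisons:
        raise ValueError("no equality comparisons found in pattern")
    return op, comparisons


def _split_path(prop_path):
    # "hashes.'SHA-256'" -> ["hashes", "SHA-256"]
    return [p.strip("'") for p in re.findall(r"'[^']+'|[^.]+", prop_path)]


def _lookup(observed, path):
    """Resolve an object path such as file:hashes.'SHA-256' against an observed object."""
    obj_type, _, prop_path = path.partition(":")
    if observed.get("type") != obj_type:
        return None
    current = observed
    for key in _split_path(prop_path):
        if not isinstance(current, dict) or key not in current:
            return None
        current = current[key]
    return current


def matches(indicator, observed):
    """True if the indicator's pattern matches one observed cyber-observable object."""
    op, comparisons = parse_pattern(indicator["pattern"])
    results = [_lookup(observed, path) == value for path, value in comparisons]
    return all(results) if op == "AND" else any(results)


def scan(indicators, observations):
    """Return (indicator name, observed object) pairs for every hit."""
    return [(ind["name"], obs) for ind in indicators for obs in observations if matches(ind, obs)]


# Constructed observations standing in for what an endpoint search would collect.
SAMPLE_OBSERVATIONS = [
    {"type": "file", "name": "dropper.bin", "hashes": {"SHA-256": SAMPLE_SHA256}},
    {"type": "domain-name", "value": "benign.example"},
    {"type": "domain-name", "value": SAMPLE_DOMAIN},
]


def demo():
    """Build one indicator, serialize it in a bundle, and scan the sample observations."""
    indicator = make_indicator("constructed sample IOC", SAMPLE_PATTERN,
                               valid_from=datetime(2024, 1, 1, tzinfo=timezone.utc))
    bundle_json = json.dumps(make_bundle([indicator]), indent=2)
    return indicator, bundle_json, scan([indicator], SAMPLE_OBSERVATIONS)


if __name__ == "__main__":
    _, bundle_json, hits = demo()
    print(bundle_json)
    for name, obs in hits:
        print("HIT:", name, "->", obs)
```

A real deployment would import bundles produced by a threat-intelligence feed and run the pattern against telemetry from many endpoints; the shape of the JSON and the path syntax in the pattern are the parts worth recognizing when you read an imported IOC.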

To identify indicators of compromise on your network, complete these high-level tasks:

  1. Import third-party IOCs or create an IOC manually. For more information, go to Import and Export IOCs or Manage IOCs.
  2. Create an IOC search task. For more information, go to Create an IOC Search Task.
  3. Review the IOC search results in the IOCs dashboard or from the list of IOCs in the IOC Gallery. For more information, go to Indicators of Compromise Dashboard and About the IOC Gallery.