MANDIANT IOC Editor (IOCe) is a free editor for Indicators of Compromise (IOCs). IOCs are XML documents that help incident responders capture diverse information about threats, including attributes of malicious files, characteristics of registry changes, artifacts in memory, and so on. IOCe provides an interface for managing the data within these IOCs, including:
- Manipulating the logical structures that define the IOC
- Applying meta-information to IOCs including detailed descriptions or arbitrary labels
- Converting IOCs into XPath filters
- Managing lists of "Terms" that are used within IOCs
Reposted from https://blog.mandiant.com/archives/2050?utm_source=rss&utm_medium=rss&utm_campaign=redline-openioc-build-effective-indicators