Adding IOCs Export

To add a new IOCs export, follow these steps:

  1. Navigate to the “Exports” tab by clicking on the “Settings” link in the sidebar.

  2. Click on the “Exports” tab.

  3. Click on the “Add Export” button.

  4. Enter the export name. This name is used to identify the export in the exports list.

  5. Select the export type. In this case, select “Indicators of Compromise (IOCs)”.

  6. Select the export format. IDSTower supports exporting IOCs in several formats:

     - Text format: exports the IOCs in a text file, one per line.
     - STIX 2.1 format: a JSON format used in TAXII-based Threat Intelligence Platforms.
     - Suricata Dataset format: used with the Suricata Dataset feature for efficient IOCs alerting in Suricata.
     - Suricata Datarep format: used with the Suricata Datarep feature for IP Reputation alerting in Suricata.
     - As Suricata Rules: converts IOCs to Suricata Rules, normally used for compatibility reasons (Text).

    In this guide, we will select the “Text” format.

  7. Choose the IOCs Filtration settings that you want applied to this export. You can either use the default settings (exporting all enabled IOCs) or customize them for this export.

    For this guide, we will use the default settings.

  8. Click on the “Add” button to save the export.

  9. You can now see the newly added export in the exports list.

  10. Click on the “View” link under the “Export URL” column to view the exported IOCs. You can now use this URL to download the IOCs file in any system.

    Note

    The export might take some time to generate, depending on the number of IOCs and the transformation settings. Once it is generated, it will be cached and served instantly.

    Note

    You can disable the export by clicking on the “Enable/Disable” button. This will stop the export from being generated and served. You can enable it again by clicking on the “Enable” button.
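
An added example, not part of the IDSTower documentation: one way a consuming system could validate a downloaded Text-format export before installing it, so that an error page or an empty response never replaces a good IOC list. The export URL is a placeholder, and the accepted IOC types (IP addresses, domain names, MD5/SHA-1/SHA-256 hashes) and all function names are assumptions.

```python
import ipaddress
import os
import re
import tempfile
import urllib.request

# Placeholder: copy the real value from the "Export URL" column.
EXPORT_URL = "https://idstower.example.invalid/PLACEHOLDER-EXPORT-URL"
# Constructed sample body: a duplicate, a blank line and an HTML error fragment.
SAMPLE = "203.0.113.7\nbad.example\n203.0.113.7\n\n<html>error</html>\n" + "ab" * 32 + "\n"

# Assumption: the export holds only IPs, domains and MD5/SHA-1/SHA-256 hashes.
_HASH = re.compile(r"^(?:[0-9a-fA-F]{32}|[0-9a-fA-F]{40}|[0-9a-fA-F]{64})$")
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def classify(value):
    """Return 'ip', 'hash' or 'domain' for one export line, or None if unrecognised."""
    try:
        ipaddress.ip_address(value)
        return "ip"
    except ValueError:
        if _HASH.match(value):
            return "hash"
        return "domain" if _DOMAIN.match(value) else None

def parse_text_export(body):
    """Split a one-IOC-per-line body into de-duplicated (valid, rejected) lists."""
    valid, rejected, seen = [], [], set()
    for raw in body.splitlines():
        line = raw.strip()
        if not line or line in seen:
            continue
        seen.add(line)
        (valid if classify(line) else rejected).append(line)
    return valid, rejected

def install(body, dest, min_valid=1):
    """Atomically replace dest with the valid IOCs; leave it untouched on failure."""
    valid, rejected = parse_text_export(body)
    if len(valid) < min_valid:
        raise ValueError(f"only {len(valid)} valid IOCs, keeping existing {dest}")
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(dest)))
    with os.fdopen(fd, "w", encoding="utf-8") as fh:
        fh.write("\n".join(valid) + "\n")
    os.replace(tmp, dest)  # readers see either the old file or the new one
    return len(valid), rejected

def fetch(url=EXPORT_URL, timeout=30):  # not called here, so the example runs offline
    with urllib.request.urlopen(url, timeout=timeout) as resp:
        return resp.read().decode("utf-8")
```

Rejected lines are returned rather than dropped silently, so a scheduled job can log them and extend `classify` if the export carries other IOC types.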