Maintain a web server, file, or list holding a set of hashes deemed suspicious, malicious, or benign, which security solutions can consume. Solutions can retrieve this list of hashes on an interval. Many solutions require the data in a specific format, so the presentation of the data should be able to change based on the solution consuming the list.
This approach is used most often with host-based solutions that can prevent the creation or execution of files with specific hashes.
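A minimal sketch of such a feed, added here as an illustration and not taken from any product: one validated hash set rendered as plain text, CSV, or JSON depending on what the polling solution asks for. The `format` and `verdict` query parameters, the field names, the port, and the sample entries are assumptions made for this example.

```python
import csv, io, json, re
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlparse, parse_qs
# Constructed sample entries (hash, verdict); not real indicators.
ENTRIES = [("A" * 64, "malicious"), ("b" * 40, "suspicious"), ("c" * 32, "benign"),
           ("a" * 64, "malicious"),      # duplicate once lowercased
           ("not-a-hash", "malicious")]  # fails validation
HEX_LEN = {32: "md5", 40: "sha1", 64: "sha256"}
VERDICTS = {"suspicious", "malicious", "benign"}

def normalize(entries):  # lowercase, validate and de-duplicate the raw pairs
    seen, out = set(), []
    for value, verdict in entries:
        value = value.strip().lower()
        valid = re.fullmatch(r"[0-9a-f]+", value) and len(value) in HEX_LEN
        if not valid or verdict not in VERDICTS or value in seen:
            continue
        seen.add(value)
        out.append({"hash": value, "type": HEX_LEN[len(value)], "verdict": verdict})
    return out

def render(entries, fmt="txt", verdict=None):  # returns (content_type, body)
    rows = [e for e in normalize(entries) if verdict in (None, e["verdict"])]
    if fmt == "txt":   # one hash per line, the layout many blocklist importers expect
        return "text/plain", "".join(e["hash"] + "\n" for e in rows)
    if fmt == "json":
        return "application/json", json.dumps(rows)
    if fmt != "csv":
        raise ValueError("unsupported format: " + fmt)
    buf = io.StringIO()
    writer = csv.DictWriter(buf, fieldnames=["hash", "type", "verdict"], lineterminator="\n")
    writer.writeheader()
    writer.writerows(rows)
    return "text/csv", buf.getvalue()

class Feed(BaseHTTPRequestHandler):
    def do_GET(self):  # e.g. GET /?format=csv&verdict=malicious
        q = parse_qs(urlparse(self.path).query)
        try:
            ctype, body = render(ENTRIES, q.get("format", ["txt"])[0], q.get("verdict", [None])[0])
        except ValueError:
            return self.send_error(400, "unsupported format")
        self.send_response(200)
        self.send_header("Content-Type", ctype)
        self.end_headers()
        self.wfile.write(body.encode())

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), Feed).serve_forever()
```

Validating and de-duplicating before rendering keeps a malformed entry from reaching every consuming solution at its next poll.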
Manage CrowdStrike IOCs in Slack | Story Library | Tines
Submit indicators of compromise to CrowdStrike's watchlist | Library | Tines
Ingest, analyze and store IOCs with Tines | Library | Tines
Tutorial: Understanding Indicators of Compromise (IOCs) and Implementing into Cyber Threat…