Upload Private IoCs via Maltiverse Portal
This feature is only available for the Platform plan users.
Maltiverse allows users to upload and manage IoCs directly through the platform. This feature streamlines the process of parsing IoCs from raw text, associating them with relevant metadata, and storing them in a private database accessible only to the Enterprise Customer. The uploaded IoCs can then be utilized through threat intelligence feeds or accessed via API.
How to use the IoC upload feature
1. Accessing the IoC upload form
To use the IoC upload feature, navigate to the Maltiverse platform and locate the Upload IoC (1) section in the menu. This section provides an input textbox where you can paste any text.
2. Pasting IoCs
Copy and paste the IoCs you want to upload into the designated text input form. Maltiverse will automatically parse the input and identify the IoCs within the provided text that you will notice in the Indicators draft. Once you have added the IoCs, click Next (1).
3. Complete information
After parsing the IoCs, Maltiverse will prompt you to enter metadata associated with each IoC. The following metadata options are available:
- Blacklist Description: Describe any information related to blacklists associated with the IoCs.
- Classification: Choose a classification for each IoC, such as Malicious, Suspicious, Neutral, or Whitelist.
- Mitre Attack Threat Actor: Specify any Mitre Attack Threat Actor relevant to the IoCs.
- Tags: Add any additional tags that can help categorize and identify the uploaded IoCs.
4. Review and confirmation
Review the parsed IoCs along with their associated metadata. Ensure that all relevant information has been entered accurately. Once satisfied with the IoCs and metadata, click Publish Indicators (1). This action will upload the IoCs and their associated metadata to a private database accessible only to you as the customer.
Accessing uploaded IoCs
- Access them through the Platform Search Engine, you can learn how to use the engine in our documentation.
- Create custom feeds with your new IoC so they can be disseminated to you security tools. Learn how to create custom threat intelligence feeds following our documentation.
Related Articles
Upload Private IoCs via API
This feature is only available for the Platform plan users. The Maltiverse API provides a structured way for users to upload and manage Indicators of Compromise (IoCs) such as IPv4 addresses, hostnames, URLs, and samples (identified by hashes like ...Use Case: Upload private IoCs
In today’s complex cybersecurity landscape, organizations should not only rely on consuming global threat intelligence. Generating your own threat intelligence also plays a huge role in keeping your organization safe. Internal research, incident ...Use Case: IoC Dissemination
When talking about securing your operations, speed and coverage are two critical aspects in keeping your data safe. Having access to private or global IoCs is valuable, but their real power comes when they are distributed across your security stack. ...Maltiverse Plans
Maltiverse offers three different subscription plans designed to fit a wide range of security needs, from individuals and small teams just starting with threat intelligence, to large enterprises requiring advanced integrations and full platform ...Maltiverse Search Engine
Maltiverse’s Search Engine is a powerful tool that can be used to explore and filter Indicators of Compromise (IoCs) efficiently. By using the Lucene Query Syntax you can have precise control to carry out searches for specific types of indicators ...