http://wiki.wfilterngf.com/index.php?action=history&feed=atom&title=IOCsIOCs - Revision history2026-04-05T16:54:17ZRevision history for this page on the wikiMediaWiki 1.19.14+dfsg-1http://wiki.wfilterngf.com/index.php?title=IOCs&diff=1144&oldid=prevWFilter: Created page with "{{DISPLAYTITLE:Indicators of Compromise}} == Indicators of Compromise == IOCs(Indicators of Compromise) can detect clients may have been infiltrated by a cyber threat. This m..."2023-10-17T06:55:22Z<p>Created page with "{{DISPLAYTITLE:Indicators of Compromise}} == Indicators of Compromise == IOCs(Indicators of Compromise) can detect clients may have been infiltrated by a cyber threat. This m..."</p>
<p><b>New page</b></p><div>{{DISPLAYTITLE:Indicators of Compromise}}<br />
== Indicators of Compromise ==<br />
<br />
IOCs(Indicators of Compromise) can detect clients may have been infiltrated by a cyber threat. This module is built on the Snort project.<br />
<br />
== Settings ==<br />
<br />
* IOCs Settings: setup the policy when a compromised client is detected.<br />
** Record only, only record the attacks events.<br />
** Record and block ip, record the attack events and block the source ip for a period.<br />
* Add Alert Event: whether to add attacks events to the "Event" module.<br />
* IP Whitelist: whitelisted traffic won't be checked. Syntax: 192.168.1.20,192.168.1.20/24.<br />
<br />
[[File:icos_settings.png|900px]]<br />
<br />
<br />
== Detection History ==<br />
<br />
Query history records of detected malware events, including ip addresses, ports, type and messages.<br />
<br />
[[File:icos_query.png|900px]]<br />
<br />
[[Category:Security]]</div>WFilter