IOC Uploading

Updated 1 week ago by Elvis Hovor

Q. How do I add a tag to half the IOCs in a list and then add a separate tag to the other half?

A. This can be done seamlessly with the bulk tag option that is presented to the user during the bulk upload process. To apply separate tags, you need to split the IOCs into two separate lists, apply the tags you want to each list, and then upload them to TruSTAR.

Q. Will tags in a bulk upload correlate to the tags in my reports?

A. Currently, these tags are treated as separate entities and therefore will not correlate with each other.

Q. Why am I not seeing correlations from sources that I subscribe to?

A. The IOC management feature will not query any sources of intelligence. You will see correlations between the IOCs you've uploaded and any intelligence that is available in the platform at the time of upload.

Q. Is there an API endpoint for IOC management?

A. Yes, there is! Here is the link to read more: Link

Q. Can I pull IOCs into my SIEM using your integration?

A. Many of our integrations are in the process of being updated to support this functionality. Please check the documentation for your installed integration to check for any updates.


How Did We Do?