https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562053#M6723 Sorry, more than likely .csv format.<BR />I would require the format of the table beforehand in order to upload<BR />accordingly.<BR /> Wed, 02 Mar 2022 12:06:20 GMT larry.siegelman 2022-03-02T12:06:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4558737#M6695 <P>Hello,</P><P>I have hash values that I would like to upload to the Secure Endpoint platform.</P><P>Is there any logical publication showing how to do so?</P><P>I see that an XML file format is needed.</P><P>What are some samples, so it would match?</P> Thu, 24 Feb 2022 10:43:36 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4558737#M6695 larry.siegelman 2022-02-24T10:43:36Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4558977#M6697 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1305698">@larry.siegelman</a>&nbsp;,<BR />the CloudIOC detections generated by backend engines are fully managed by Cisco. The customer cannot generate custom "Real Time IOC detections". You are able to do Endpoint IOC Scans. What do you want to do?<BR />Greetings,<BR />Thorsten</P> Thu, 24 Feb 2022 15:49:41 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4558977#M6697 Troja007 2022-02-24T15:49:41Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4559803#M6702 <P>You can check the <A href="https://docs.amp.cisco.com/Cisco%20Endpoint%20IOC%20Attributes.pdf" target="_self">Cisco Endpoint IOC Attributes</A> document available from the <A href="https://console.amp.cisco.com/docs" target="_self">Secure Endpoint Documentation</A> portal. The document contains links to several examples in OpenIOC format. There are several other resources available online from various vendors related to the OpenIOC format including those found at <A href="http://www.openioc.org/" target="_blank" rel="noopener">openioc.com</A>.</P> Fri, 25 Feb 2022 17:14:03 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4559803#M6702 johnosn 2022-02-25T17:14:03Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4560332#M6704 Hello,<BR />Thank you for the information, but that is not what I am looking for.<BR />I have experience with other security platforms from other leading vendors,<BR />and to upload hash files from threat feeds or from our national CIRT, is<BR />much easier.<BR />Why does Cisco have to make you jump through hoops in order to upload<BR />hashes?<BR /> Sun, 27 Feb 2022 04:42:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4560332#M6704 larry.siegelman 2022-02-27T04:42:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4560333#M6705 I have experience with other security platforms from other leading vendors,<BR />and to upload hash files from threat feeds or from our national CIRT, is<BR />much easier.<BR />Why does Cisco have to make you jump through hoops in order to upload<BR />hashes?<BR /> Sun, 27 Feb 2022 05:00:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4560333#M6705 larry.siegelman 2022-02-27T05:00:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4561270#M6714 <P>Hello&nbsp;<a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/1305698">@larry.siegelman</a>&nbsp;,<BR />I´m working on Feature Requests for Secure Endpoint. Just to be specific defining the Feature request.</P> <P>When uploading hashes from Threat Feeds, what should be the action?</P> <UL> <LI>Generating an alert that the file has been seen?</LI> <LI>Block the execution of the file?</LI> <LI>Quarantine the file?</LI> </UL> <P>Thanks and Greetings,<BR />Thorsten</P> Tue, 01 Mar 2022 07:18:12 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4561270#M6714 Troja007 2022-03-01T07:18:12Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4561276#M6715 Hello <a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/547768">@Troja007</a><BR /><BR />If we can upload hashes, then I would expect that it would block the file<BR />or executable from being able to propagate.<BR />As with any other malware/IOC that gets blocked in our environment, these<BR />too would be shown that their presence was blocked.<BR />We already have Cisco threat Response to verify that it was not present.<BR /> Tue, 01 Mar 2022 07:36:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4561276#M6715 larry.siegelman 2022-03-01T07:36:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4561639#M6719 Hey Larry,<BR />What format are the files you're trying to upload? Is it something standard?<BR />Ken<BR /><BR /> Tue, 01 Mar 2022 19:41:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4561639#M6719 Ken Stieers 2022-03-01T19:41:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4561803#M6721 Hi Ken,<BR /><BR />Yes, basically, hashes of recognized files.<BR />I have experience with other globally leading vendors, where I was able to<BR />upload, albeit to our direct environment, hash values.<BR /> Wed, 02 Mar 2022 05:56:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4561803#M6721 larry.siegelman 2022-03-02T05:56:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562047#M6722 I meant csv, json, xml, stix, yara?<BR /> Wed, 02 Mar 2022 11:58:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562047#M6722 Ken Stieers 2022-03-02T11:58:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562053#M6723 Sorry, more than likely .csv format.<BR />I would require the format of the table beforehand in order to upload<BR />accordingly.<BR /> Wed, 02 Mar 2022 12:06:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562053#M6723 larry.siegelman 2022-03-02T12:06:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562166#M6724 <P>I guess I'm confused as to what the issue is...&nbsp;</P> <P>Outbreak Control/Custom detections, create or add to a current one... you can add SHAs there...</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="SCD.png" style="width: 985px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/145070iE87FFEB1B709A3A7/image-size/large?v=v2&amp;px=999" role="button" title="SCD.png" alt="SCD.png" /></span></P> Wed, 02 Mar 2022 15:04:15 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562166#M6724 Ken Stieers 2022-03-02T15:04:15Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562185#M6725 You know what, it says "Simple" and I never took it to be that!<BR />How silly do I feel now? <span class="lia-unicode-emoji" title=":slightly_smiling_face:">🙂</span><BR />Having said that, is there a required format for the file?<BR />Any examples to download and use as a template?<BR /> Wed, 02 Mar 2022 15:21:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562185#M6725 larry.siegelman 2022-03-02T15:21:20Z https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562246#M6726 One SHA per line for a set of SHA's, they all get the same note...<BR />Hey Torsten, and ehn would be to be able to pull the note from the CSV... so the SHA's get their own note.<BR /><BR /> Wed, 02 Mar 2022 16:32:20 GMT https://community.cisco.com/t5/endpoint-security/iocs-upload-to-secure-endpoint/m-p/4562246#M6726 Ken Stieers 2022-03-02T16:32:20Z