IOC Domain
The IOC (Indicator of Compromise) Domain feature enables administrators to track and manage domains associated with potential security threats. These domains may be linked to phishing campaigns, malware distribution, botnets, or other malicious activities. By maintaining an updated list of IOC domains, the system enhances threat detection and response capabilities.
Managing IOC Domains
Navigate to Administration > IOC Domains from the main menu. Administrators can perform the following actions within the IOC Domain interface:
- Add a New IOC Domain – Manually enter a domain to be monitored as a potential threat.
- Edit – Modify an existing IOC domain entry.
- Delete – Remove a domain from the list.
- Import CSV – Bulk upload a list of domains for faster management.
- Export CSV – Download the current list of IOC domains for external review or backup.
- Truncate – Clear the entire list of IOC domains.
- Block – Individually block specific domains from being accessed within the network.
- Block ALL – Apply a blanket restriction to all domains listed in the IOC Domain database, preventing access to any of them.
Adding a new IOC Domain
The IOC Domain feature allows administrators to manually add domains that are associated with potential security threats, such as phishing or malware distribution. Adding a new IOC domain helps enhance the network’s defense by ensuring that traffic to and from these malicious domains is blocked or flagged for review.
To add a new IOC domain, follow these steps:
1. Navigate to Administration > IOC Domains from the main menu.
2. Click the Add IOC Domain button.
3. In the Name field, enter a descriptive name for the domain entry (e.g., Malicious Domain List).
4. In the Domain Name field, enter the domain you wish to add (e.g., malicious-example.com).
5. Click Save to apply the changes.
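When many domains are added at once through Import CSV, it helps to clean the list first, because Block ALL applies to every entry in it. The script below is an added example, not part of the product or its documentation: the two-column layout (name, domain) mirrors the Name and Domain Name fields above and is an assumption about the import format, as are the function names and the allowlist.

```python
import csv
import io
import re
from urllib.parse import urlsplit

LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")  # one hostname label
# Constructed allowlist (assumption): domains that must never be blocked.
NEVER_BLOCK = {"example.org"}

def normalize(raw):
    """Return a clean lowercase domain, or None if raw is not a usable domain."""
    s = re.sub(r"^hxxp", "http", raw.strip().lower().replace("[.]", "."))
    s = s if "://" in s else "//" + s  # let urlsplit parse it as a host
    try:
        host = (urlsplit(s).hostname or "").rstrip(".")
        host = host.encode("idna").decode("ascii")  # IDN -> punycode
    except (ValueError, UnicodeError):
        return None
    labels = host.split(".")
    ok = len(host) <= 253 and len(labels) >= 2 and not labels[-1].isdigit()
    return host if ok and all(LABEL.match(l) for l in labels) else None

def build_import(rows):
    """rows: iterable of (name, raw_domain). Returns (csv_text, rejected)."""
    seen, rejected, out = set(), [], io.StringIO()
    writer = csv.writer(out, lineterminator="\n")
    for name, raw in rows:
        domain = normalize(raw)
        if domain is None:
            rejected.append((raw, "not a valid domain"))
        elif any(domain == d or domain.endswith("." + d) for d in NEVER_BLOCK):
            rejected.append((raw, "allowlisted"))
        elif domain in seen:
            rejected.append((raw, "duplicate"))
        else:
            seen.add(domain)
            writer.writerow([name.strip(), domain])
    return out.getvalue(), rejected

# Constructed sample input (not real indicators).
SAMPLE = [
    ("Phishing feed", "hxxp://Malicious-Example[.]com/login"),
    ("Phishing feed", "malicious-example.com."),
    ("Typo", "not a domain"),
    ("Raw IP", "192.0.2.10"),
    ("Own site", "www.example.org"),
]

if __name__ == "__main__":
    print(*build_import(SAMPLE), sep="\n")
```

Review the rejected entries before importing; an allowlisted or malformed entry in the list would otherwise be blocked along with the rest.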