Prerequisite: have the IOC Parser Function v2 integration installed and configured (Link to App Exchange).

Purpose: Enhance the standard information given by this integration in the Artifact Description and Note, and add a search button action on the Malware Sample artifact type.

Changes:

New Rules:
- Extract IOCs (Artifact)
- Extract IOCs (Attachment)

New Workflows:
- Extract IOC from this Artifact, as a duplicate of the Example: Parse IOCs (Artifact), with changes in the post-process scripts
- Extract IOC from this Attachment, as a duplicate of the Example: Parse IOCs (Attachment), with changes in the post-process scripts

Results in Note: and in Artifact description:

Attached is the res file to import this configuration. Feel free to use, change, adapt this code to your usage.

Building the res file:

    resilient-circuits extract --workflow "parse_iocs_attachment" "parse_iocs_artifact" --rule "Extract IOCs (Artifact)" "Extract IOCs (Attachment)" -o config_IOC.res --zip