Add A Custom IOC Feed
Draft
Level: Simple
Goal: Connect a private or custom IOC feed.
Real-Life Scenario
A customer sends a short CSV of indicators from their incident response team, and the analyst needs to import it without mixing it with public feed data.
When To Use This
Use this workflow when you need a fast, low-friction action and want the output to remain traceable to evidence.
Steps
- Open the IOC Library source panel and add a JSON, CSV, or TXT feed with a clear label.
- Run sync and filter by the source label to verify import.
Expected Result
Private or custom observables are stored with source context.
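A pre-import check for the customer CSV in the scenario above, as an added example that is not part of the product or the original page: it refangs and validates each row, drops duplicates, and tags every accepted observable with the source label and its CSV line number. The column names (`indicator`, `type`, `note`), the labels `customer-ir` and `public-feed`, and all sample rows are assumptions constructed for illustration; the product's own import format is not described on this page.

```python
import csv, io, ipaddress, re
# Constructed sample of a customer CSV; the column names are assumed.
SAMPLE_CSV = """indicator,type,note
198.51.100.7,ip,C2 seen in proxy logs
hxxp://bad.example[.]com/login,url,phishing page
bad.example[.]com,domain,
198.51.100.7,ip,duplicate row
0123456789abcdef0123456789abcdef,md5,dropper
not-an-ip,ip,typo from ticket
"""
PATTERNS = {
    "md5": r"[0-9a-f]{32}", "sha1": r"[0-9a-f]{40}", "sha256": r"[0-9a-f]{64}",
    "domain": r"([a-z0-9-]{1,63}\.)+[a-z]{2,63}",
    "url": r"https?://[^\s/]+\S*",
}

def refang(value):
    """Undo common defanging so the same observable compares equal."""
    value = value.strip().replace("[.]", ".").replace("(.)", ".")
    return re.sub(r"^hxxp", "http", value, flags=re.I)

def is_valid(kind, value):
    if kind == "ip":
        try:
            ipaddress.ip_address(value)
            return True
        except ValueError:
            return False
    return kind in PATTERNS and re.fullmatch(PATTERNS[kind], value, re.I) is not None

def load_feed(text, source_label):
    """Return (accepted, rejected); accepted rows keep the label and CSV line."""
    accepted, rejected, seen = [], [], set()
    reader = csv.DictReader(io.StringIO(text))
    for row in reader:
        kind = (row.get("type") or "").strip().lower()
        value = refang(row.get("indicator") or "")
        key = (source_label, kind, value if kind == "url" else value.lower())
        if not is_valid(kind, value):
            rejected.append((reader.line_num, "invalid " + (kind or "type")))
        elif key in seen:
            rejected.append((reader.line_num, "duplicate"))
        else:
            seen.add(key)
            accepted.append({"source": source_label, "type": kind, "value": value, "line": reader.line_num})
    return accepted, rejected

def by_source(records, label):
    return [r for r in records if r["source"] == label]
```

Rejected rows come back with their CSV line number so they can be raised with the sender, and `by_source` mirrors the filter-by-label check done after sync.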
Review Notes
- Keep source labels and evidence attached to every accepted result.
- Treat actor matches, enrichment hits, and matrix overlap as analytical signals until corroborated.
- Export only reviewed findings for customer, SOC, detection engineering, or executive use.