View IOCs in the IBM QRadar App
After IOCs are imported into the app, you can view their details in the IntSights Dashboard > IOC Overview page.
The app also shows which IOCs correlate to other IOCs in the IBM QRadar environment, so you can focus on the most relevant ones. For more information, see IOC Correlation in the IBM QRadar App.
Viewing IOC Details
The IOC Overview dashboard page gives an at-a-glance view of the IOCs imported from all defined inputs. The dashboard shows when the IOCs were last updated (by default, every 30 minutes).
For further granularity, you can drill down on any of the IOC widgets and export the information as a PDF.
The following table describes the data shown in the IOC Overview page:
Field | Description |
---|---|
Total IOCs | The count of IOCs fetched from Threat Command over the last 180 days. |
New IOCs in Last 7 Days | The count of IOCs fetched from Threat Command over the last 7 days. |
New IOCs in Last 24 Hours | The count of IOCs fetched from Threat Command over the last 24 hours. |
Total IOCs by Type | Barchart representation of IOCs fetched within the last 180 days with a bar for each IOC Type. |
Domains IOCs in Last 24 Hours | The count of Domain IOCs fetched in the last 24 hours. This panel also shows the data flow for Domain IOCs in the last 24 hours compared with the previous 24-hour cycle. A trend arrow represents the change in the number of fetched Domain IOCs: a green arrow indicates that FEWER IOCs were fetched in the last 24 hours than in the previous 24 hours; a red arrow indicates that MORE IOCs were fetched in the last 24 hours than in the previous 24 hours. |
Emails IOCs in Last 24 Hours | The count of Email IOCs fetched in the last 24 hours. See the trend information in the Domain IOCs explanation. |
Hashes IOCs in Last 24 Hours | The count of Hash IOCs fetched in the last 24 hours. See the trend information in the Domain IOCs explanation. |
IpAddresses IOCs in Last 24 Hours | The count of IP Address IOCs fetched in the last 24 hours. See the trend information in the Domain IOCs explanation. |
URLs IOCs in Last 24 Hours | The count of URL IOCs fetched in the last 24 hours. See the trend information in the Domain IOCs explanation. |
Total High Severity IOCs | The count of IOCs fetched in the last 180 days with a High severity. |
Total Medium Severity IOCs | The count of IOCs fetched in the last 180 days with a Medium severity. |
Total Low Severity IOCs | The count of IOCs fetched in the last 180 days with a Low severity. |
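The counts above are all time-windowed aggregations over the same imported IOC set: rolling 180-day, 7-day and 24-hour windows, a breakdown by type and by severity, and for the per-type 24-hour widgets a comparison against the preceding 24-hour cycle that drives the trend arrow. The following is an added example, not code from the app or from Rapid7/IntSights, that reproduces those widget values from a constructed IOC list so you can sanity-check what the dashboard shows against your own export. The record fields (value, ioc_type, severity, first_seen), the fixed clock, and the "flat" result for equal counts are assumptions of this example; the page does not say what the widget displays when the two 24-hour counts are equal.

```python
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed record shape for an imported IOC; not the app's own schema.
@dataclass(frozen=True)
class Ioc:
    value: str
    ioc_type: str      # one of TYPES below
    severity: str      # "High", "Medium" or "Low"
    first_seen: datetime

TYPES = ("Domains", "Emails", "Hashes", "IpAddresses", "URLs")

# Fixed "now" so the windowed counts are reproducible.
NOW = datetime(2024, 6, 1, 12, 0, tzinfo=timezone.utc)

def _h(hours):  # helper: a timestamp N hours before NOW
    return NOW - timedelta(hours=hours)

def _d(days):   # helper: a timestamp N days before NOW
    return NOW - timedelta(days=days)

# Constructed sample data (not real IOCs; documentation/reserved example ranges).
SAMPLE = [
    Ioc("evil.example", "Domains", "High", _h(2)),
    Ioc("bad.example", "Domains", "Low", _h(30)),
    Ioc("c2.example", "Domains", "Medium", _h(40)),
    Ioc("phish@example.net", "Emails", "Medium", _h(5)),
    Ioc("d41d8cd98f00b204e9800998ecf8427e", "Hashes", "High", _d(3)),
    Ioc("198.51.100.7", "IpAddresses", "High", _h(1)),
    Ioc("198.51.100.8", "IpAddresses", "Low", _h(47)),
    Ioc("http://bad.example/x", "URLs", "Medium", _d(100)),
    Ioc("old.example", "Domains", "Low", _d(200)),  # older than 180 days: outside every total
]

def in_window(iocs, start, end):
    """IOCs first seen after `start` and up to and including `end`."""
    return [i for i in iocs if start < i.first_seen <= end]

def trend(last_24h, previous_24h):
    """Trend arrow as the page describes it for the per-type 24-hour widgets:
    green when fewer IOCs arrived in the last 24 hours than in the previous 24,
    red when more. 'flat' for equal counts is an assumption of this example."""
    if last_24h < previous_24h:
        return "green"
    if last_24h > previous_24h:
        return "red"
    return "flat"

def overview(iocs, now=NOW):
    """Compute the IOC Overview widget values for `iocs` relative to `now`."""
    last_180d = in_window(iocs, now - timedelta(days=180), now)
    last_7d = in_window(iocs, now - timedelta(days=7), now)
    last_24h = in_window(iocs, now - timedelta(hours=24), now)
    # The "previous 24-hour cycle": 48h ago up to 24h ago.
    prev_24h = in_window(iocs, now - timedelta(hours=48), now - timedelta(hours=24))

    by_type_24h = Counter(i.ioc_type for i in last_24h)
    by_type_prev = Counter(i.ioc_type for i in prev_24h)

    return {
        "total": len(last_180d),
        "new_7d": len(last_7d),
        "new_24h": len(last_24h),
        "by_type_180d": dict(Counter(i.ioc_type for i in last_180d)),
        "by_type_24h": {
            t: {"count": by_type_24h[t], "trend": trend(by_type_24h[t], by_type_prev[t])}
            for t in TYPES
        },
        "by_severity_180d": dict(Counter(i.severity for i in last_180d)),
    }

if __name__ == "__main__":
    for widget, value in overview(SAMPLE).items():
        print(f"{widget}: {value}")
```

Note that the three severity totals add up to the Total IOCs figure only when every record carries a severity, and the per-type 24-hour counts add up to New IOCs in Last 24 Hours only when every record has one of the five types; if your export disagrees with the dashboard, those two identities are the first thing to check.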
When you drill down, the List of Events tab displays the events that produced the result you clicked.
To see IOC details:
- Select IntSights Dashboard > IOC Overview.
- From the IOC Overview page, click a widget.
From that page, you can view additional IOC data, such as:
- First and last seen date
- From which feed the IOC was imported
- Severity
- System tags
To see further IOC metadata, double-click an IOC value.