IOC Stream - Threat Feeds
The IOC Stream view is an evolution of the previous Livehunt Notifications view. It lets you digest the incoming VirusTotal flux into relevant threat feeds that you can study in the UI or export to improve detection in your security technologies.
Each Threat Feed has its own tab. Currently the only Threat Feed available is the "Files" feed, which replaces the previous Livehunt Notifications view.
Files
File notifications are listed in the IOC Stream view, sorted by matching date in descending order, as shown in the image below. You will also receive notifications by email if you configured your ruleset as described in the previous section, and you can retrieve notifications through the VirusTotal API. Notifications are deleted automatically after 10 days.
- List of match notifications generated by your YARA rule(s).
- Click a rule or ruleset name to filter the notifications by the matching YARA rule or YARA ruleset.
- Refresh and delete notifications.
- Sort by matching date in ascending or descending order.
- Filter the notifications by a search string, specific YARA rulesets, or a start and end date.
- Export IOCs by downloading the matching files or copying their hashes to the clipboard.
- In the Tool menu you can:
- Create a diff session with the selected files.
- Create a VT Graph with the selected files.
- Find commonalities in the selected files.
- Add the selected files to a collection.
- Feature Icons:
- If your YARA rule is based on strings, hovering over the eye icon shows the match context (the bytes around each string match).
- If the matching file triggers network connections, hovering over the globe icon shows the related network locations.
- If the matching file comes from a known distributor, hovering over the source icon shows the distributor name.
- If the matching file has more than one name across its submissions, hovering over the last name shows the full list of names.
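The filtering, sorting and hash-export operations listed above can also be scripted against the API mentioned earlier. The following is an added example, not VirusTotal's own code or documentation: it assumes the v3 endpoint `GET /api/v3/ioc_stream` (paged with a `cursor` in `meta`, authenticated with the `x-apikey` header) and assumes each returned object carries a `context_attributes` block with `notification_date`, `sources` and `hunting_info.rule_name`; both the endpoint and the field names should be checked against the current API reference. The sample page embedded in the script is constructed so the filtering and export logic runs offline, with file hashes generated locally rather than taken from real notifications.

```python
"""Filter, sort and export IOC Stream file notifications (offline demo).

Added example, not VirusTotal's code. Assumptions (verify against the API docs):
  * endpoint GET {API_BASE}/ioc_stream with query params filter, limit, cursor
  * each object has context_attributes.notification_date (epoch seconds),
    context_attributes.sources[] (type "hunting_ruleset", label = ruleset name)
    and context_attributes.hunting_info.rule_name
"""
import hashlib
import json
import os
import urllib.parse
import urllib.request
from datetime import datetime, timezone

API_BASE = "https://www.virustotal.com/api/v3"  # assumption: v3 base URL


def fetch_ioc_stream(api_key, filter_expr="origin:hunting", limit=40, cursor=None):
    """Fetch one page of the IOC Stream. Network call; not used by the offline demo."""
    params = {"filter": filter_expr, "limit": str(limit)}
    if cursor:
        params["cursor"] = cursor
    url = f"{API_BASE}/ioc_stream?{urllib.parse.urlencode(params)}"
    req = urllib.request.Request(url, headers={"x-apikey": api_key})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_notifications(api_key, filter_expr="origin:hunting"):
    """Follow meta.cursor until the stream is exhausted (assumed paging scheme)."""
    cursor = None
    while True:
        page = fetch_ioc_stream(api_key, filter_expr, cursor=cursor)
        yield from page.get("data", [])
        cursor = page.get("meta", {}).get("cursor")
        if not cursor:
            return


def parse_utc(day):
    """'YYYY-MM-DD' -> aware UTC datetime at midnight, for start/end filters."""
    return datetime.strptime(day, "%Y-%m-%d").replace(tzinfo=timezone.utc)


def normalize(obj):
    """Flatten one stream object into the fields the UI lets you filter on."""
    ctx = obj.get("context_attributes", {})
    rulesets = [s.get("label") for s in ctx.get("sources", [])
                if s.get("type") == "hunting_ruleset"]
    return {
        "sha256": obj["id"],                    # file objects are keyed by SHA-256
        "rule_name": ctx.get("hunting_info", {}).get("rule_name"),
        "ruleset": rulesets[0] if rulesets else None,
        "date": datetime.fromtimestamp(ctx["notification_date"], tz=timezone.utc),
        "names": obj.get("attributes", {}).get("names", []),
    }


def select(notifications, ruleset=None, rule=None, start=None, end=None,
           text=None, descending=True):
    """Apply the view's filters (ruleset, rule, date window, search string) and sort by date."""
    out = []
    for n in notifications:
        if ruleset and n["ruleset"] != ruleset:
            continue
        if rule and n["rule_name"] != rule:
            continue
        if start and n["date"] < start:
            continue
        if end and n["date"] >= end:
            continue
        if text:
            hay = " ".join([n["rule_name"] or "", n["ruleset"] or ""] + n["names"]).lower()
            if text.lower() not in hay:
                continue
        out.append(n)
    return sorted(out, key=lambda n: n["date"], reverse=descending)


def export_hashes(notifications):
    """One SHA-256 per line, ready to paste into a blocklist or hunting query."""
    return "\n".join(n["sha256"] for n in notifications)


def sha256_hex(text):
    """Locally generated hash used to build the constructed sample (not a real sample)."""
    return hashlib.sha256(text.encode()).hexdigest()


def make_obj(label, ts, ruleset, rule, names):
    return {"type": "file", "id": sha256_hex(label), "attributes": {"names": names},
            "context_attributes": {"origin": "hunting", "notification_date": ts,
                                   "sources": [{"type": "hunting_ruleset", "id": "rs",
                                                "label": ruleset}],
                                   "hunting_info": {"rule_name": rule}}}


# Constructed single page mimicking the assumed response shape.
SAMPLE_PAGE = {"data": [
    make_obj("sample-1", 1700000000, "Ruleset A", "loader_strings", ["invoice.exe", "setup.exe"]),
    make_obj("sample-2", 1700200000, "Ruleset A", "dropper_pe", ["update.exe"]),
    make_obj("sample-3", 1700100000, "Ruleset B", "loader_strings", ["a.dll"]),
], "meta": {"count": 3}}

if __name__ == "__main__":
    key = os.environ.get("VT_API_KEY")
    raw = list(iter_notifications(key)) if key else SAMPLE_PAGE["data"]
    recent = select([normalize(o) for o in raw], start=parse_utc("2023-11-16"))
    print(export_hashes(recent))
```

With `VT_API_KEY` unset the script runs entirely on the constructed page; with it set it pages through the live stream (under the endpoint assumptions above), which is the same dataset the UI shows and is subject to the same 10-day retention.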