Files | Standard import
When choosing Standard import, you can upload either:
multiple files of supported types, or
a single archive with files of the same type.
Import files
Note
Files uploaded in Standard import have a maximum size of 100MB.
Whether importing multiple files or a single archive, proceed as follows:
Browse your network for files/an archive, or drag and drop files into the modal.
Tip
To delete a file from the list of uploaded files, select the X to the right of its name.
For each file you’re uploading, select its content type.
In the Source field, select a group.
All entities and observables ingested from the uploaded files will have this group assigned as their source.
(Optional) Select the following options if they apply to your upload(s):
Option | Description |
---|---|
Override source reliability | Set a source reliability for all incoming objects. |
Extract observables from unstructured text | Select this option to parse the text in uploaded files and create observables that match well-known text patterns. |
Password protected archive | Allows you to provide the password when uploading password protected archives. |
Add information source details | Add the information listed in the table below to the source for uploaded files. |
Override TLP | Override TLP values for all incoming objects. |

Fields for Add information source details:

Field | Description |
---|---|
Description | Provide a source description. |
Identity | Name of source. |
Roles | Select at least one of the following roles: Initial Author, Content Enhancer/Refiner, Aggregator, Transformer/Translator. |
References | Set one or more URLs. |
Select Upload to start uploading these files.
Content types
You can upload files in these formats:
Content-type | Description |
---|---|
PDF | If native PDF, i.e. not scanned, Intelligence Center extracts observables and identifies & applies MITRE ATT&CK TTPs. |
DOCX | Intelligence Center extracts observables and identifies & applies MITRE ATT&CK TTPs. |
CSV | Under Standard import, CSV files are treated as plain text. Observables are extracted and MITRE ATT&CK TTPs are identified and applied. To upload CSV files and use more detailed data extraction methods, upload with custom data mapping. |
TXT | This content type enables entering free text and literals, wildcards (where supported), as well as JSON paths to point to specific entity property fields, and regex patterns to filter data. |
EclecticIQ JSON | JSON format representing entity data as JSON objects. |
MISP data | For more information, see Incoming feed - MISP. |
SpyCloud Breach Data | For more information, see Incoming feed - SpyCloud Watchlist Ingest. |
Email message | Plain text emails. |
STIX 1.0 | STIX 1.0 XML |
STIX 1.1 | STIX 1.1 XML |
STIX 1.1.1 | STIX 1.1.1 XML |
STIX 1.2 | STIX 1.2 XML |
STIX 2.1 | STIX 2.1 JSON |
CAPEC | Categorized and enumerated attack patterns, attack mechanisms, strategies, tactics and techniques retrieved from the CAPEC catalog. |
Upload archives
Requirements
When uploading archives ensure:
All files in the archive must have the same file type.
Files must be a file type that matches the content type selected in step 4 of Import files.
The archive itself is one of these formats:
.rar
.tar
.tar.bz2
.tar.gz
.tar.z
.zip
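
A pre-upload check for the archive requirements above, as an added example that is not part of the EclecticIQ documentation or product: it checks the archive extension against the listed formats, the 100MB limit, and that all members share one file extension. Assumptions: 100MB is read as 100 × 10^6 bytes, a member's extension stands in for its file type, and only zip and tar/tar.gz/tar.bz2 members are inspected because the Python standard library cannot read .rar or .tar.z; `preflight`, `member_names` and `build_zip` are illustrative names.

```python
import io
import tarfile
import zipfile
from pathlib import PurePosixPath

# Archive formats listed under "Requirements" on this page.
ALLOWED_ARCHIVES = (".tar.bz2", ".tar.gz", ".tar.z", ".rar", ".tar", ".zip")
# Assumption: "100MB" is read as 100 * 10**6 bytes, the stricter interpretation.
MAX_BYTES = 100 * 10**6


def member_names(name, data):
    """List regular-file members; only zip and tar variants the stdlib can read."""
    buf = io.BytesIO(data)
    if name.endswith(".zip"):
        with zipfile.ZipFile(buf) as zf:
            return [i.filename for i in zf.infolist() if not i.is_dir()]
    if name.endswith((".tar", ".tar.gz", ".tar.bz2")):
        with tarfile.open(fileobj=buf, mode="r:*") as tf:
            return [m.name for m in tf.getmembers() if m.isfile()]
    return None  # .rar and .tar.z need external tools; not inspected here


def preflight(name, data):
    """Return a list of problems; an empty list means the archive passes."""
    lower = name.lower()
    if not lower.endswith(ALLOWED_ARCHIVES):
        return ["archive format not in the supported list"]
    problems = []
    if len(data) > MAX_BYTES:
        problems.append("archive exceeds the 100MB upload limit")
    names = member_names(lower, data)
    if names is None:
        return problems + ["members not inspected for this format"]
    if not names:
        problems.append("archive contains no files")
    # Assumption: a member's extension is used as a proxy for its file type.
    suffixes = {PurePosixPath(n).suffix.lower() for n in names}
    if len(suffixes) > 1:
        problems.append("mixed file types: " + ", ".join(sorted(suffixes)))
    return problems


def build_zip(members):
    """Constructed sample input: an in-memory zip with the given members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for member, text in members.items():
            zf.writestr(member, text)
    return buf.getvalue()
```

An empty list from `preflight` means the archive meets the checks covered here; it does not confirm that the members match the content type selected in the upload dialog.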