To enhance your security, you want to detect and block based on a list of domains and IP addresses. How can you use IOC management to help this objective?
A. Blocking of Domains and IP addresses is not a function of IOC management. A Custom IOA Rule should be used instead
B. Using IOC management, import the list of hashes and IP addresses and set the action to Detect Only
C. Using IOC management, import the list of hashes and IP addresses and set the action to Prevent/Block
D. Using IOC management, import the list of hashes and IP addresses and set the action to No Action
IOC management only allows "Detect only" and "No Action" among the possible actions. Therefore, it cannot be used to block based on IPs or domains. Custom IOA Rule groups allow you to create rule types based on Network Connection (configuring a remote IP address) and domains, and give the options "Monitor", "Detect" and "Kill Process", the last one being the closest to "block".