Custom Threat Collections Import

Hello Team,

I have a consult, we are importing STIX Files in the ECA Cloud Console, but we see this note “Custom collections must be uploaded to each sensor. For ExtraHop-managed sensors, contact ExtraHop Support for assistance.”

In this case, we need to import the same STIX Files in each sensor or EDA appliance connected to the cloud console? or, It will be enough just to add them to the cloud console?


Hi @rcastillo - Yes, that is correct, custom TI must be uploaded to all sensors and the console.

Here are some example scripts as well code-examples/upload_stix at main · ExtraHop/code-examples · GitHub

Hope that helps still, apologies for the delay in response, we appreciate your question.