Custom Threat Collections Import

rcastillo · January 31, 2023, 7:48pm

Hello Team,

I have a consult, we are importing STIX Files in the ECA Cloud Console, but we see this note “Custom collections must be uploaded to each sensor. For ExtraHop-managed sensors, contact ExtraHop Support for assistance.”

In this case, we need to import the same STIX Files in each sensor or EDA appliance connected to the cloud console? or, It will be enough just to add them to the cloud console?

Thanks,

girardo · February 13, 2023, 6:48pm

Hi @rcastillo - Yes, that is correct, custom TI must be uploaded to all sensors and the console.

Here are some example scripts as well code-examples/upload_stix at main · ExtraHop/code-examples · GitHub

Hope that helps still, apologies for the delay in response, we appreciate your question.