This document describes how to Indicators of Compromise (IOC) Blocklist Settings for Email Security.
Email Security.cloud
Instructions on configuring Indicators of Compromise (IOC) Blocklist Settings for Email Security.
Email Threat Detection and Response customers can access the Indicators of Compromise (IOC) Settings screen in the portal at Dashboard> Services> Email Threat Detection and Response> Indicators of Compromise (IOC) Blocklist Settings.
You enable the IOC Blocklist feature on this page by checking the box and clicking Save. Once the service is enabled, you can manage and view your IOC blocklist using the controls on the page. You can select an action to apply to messages that the service identifies. You can:
You can also use the controls on the Email Services > Anti-Malware > Alerts page to configure alerts to notify others in your organization when IOCs are blocklisted.
Using the IOC Blocklist API
The IOC Blocklist API provides functionality to:
To get started using the IOC Blocklist API, follow these steps.
- Any ClientNet user who has View Configuration permission for either the IOC Blacklist service or the Email Threat Detection and Response service can access the Download API.
- Any ClientNet user who has View Configuration and Edit Configuration permissions for the IOC Blacklist service is able to access the Upload and RenewAll APIs.
Supported IOCs
IOCs that can be added to your blocklist are: