Skip navigation
All Places > Products > RSA NetWitness Platform > RSA NetWitness Platform Online Documentation > Documents
Log in to create and rate content, and to follow, bookmark, and share content with other members.

MA: Services Config View - Indicators of Compromise Tab

Document created by RSA Information Design and Development on Sep 15, 2017Last modified by RSA Information Design and Development on Feb 25, 2020
Version 11Show Document
  • View in full screen mode

This topic introduces the features and functions available in the Service Config view > Indicators of Compromise tab, which applies to the Malware Analysis service. This tab provides a way to configure the way each of the four scoring modules uses the available rules to score data.


What do you want to do?

RoleI Want to...Show me how
AdministratorConfigure General Malware Analysis Settings Configure General Malware Analysis Settings
AdministratorConfigure Indicators of Compromise* Configure Indicators of Compromise


Configure Auditing on Malware Analysis Host

(Optional) Configure Auditing on Malware Analysis Host

AdministratorConfigure Hash Filter(Optional) Configure Hash Filter


Configure Installed Anti virus Vendor

Configure Installed Antivirus Vendors

AdministratorConfigure Malware Analysis Proxy Settings(Optional) Configure Malware Analysis Proxy Settings


Register a TreadGRID API Key

(Optional) Register for a ThreatGRID API Key

AdministratorEnable Community AnalysisEnable Community Analysis

*You can perform this task in the current view

Related topic

Basic Setup

Quick Look

This is an example of the Indicators of Compromise tab.

1Displays the Indicators of Compromise Tab.


The Indicators of Compromise tab consists of a toolbar and page-able grid.

This table describes the features of the grid.

Module selection listSelects the scoring module for which you want to view the Indicators of Compromise: All, Network, Static, Community, Sandbox, or Yara.
Search fieldType text for which you are searching in the Description field.
Search optionFilters the grid to display only Descriptions that match the Description search term.
Enable All optionClick to enable all rules for the scoring module, as opposed to enabling all rules on the page using the checkbox.
Enable optionClick to enable selected rules.
Disable All optionClick to disable all rules for the scoring module, as opposed to disabling all rules on the page using the checkbox.
Disable optionClick to disable selected rules.
Reset All optionClick to reset all rows on the page to their default values.
Reset optionClick to reset selected rows to their default values.
Save optionClick to save changes you made on this page. If you leave the page without saving, the changes are lost. The description of each row with unsaved changes has a red corner.

This table describes the features of the toolbar.

Selection checkboxCheckboxes for selecting individual rows or all rows on the page.
Enabled checkboxIf the indicator of compromise is enabled, Malware Analysis uses the rule for scoring session data.
High Confidence checkboxIf checked, Malware Analysis treats the rule as one very likely to indicate the presence of malware, and an event that triggers that rule is marked in the results grid.
DescriptionDescribes the Indicator of Compromise.
ScoreSpecifies the score that you want to factor in to the total score for any event that triggers the rule. The default score is displayed and you can raise or lower the score by dragging the slider or typing a number in the score box.
File TypeDisplays the file types to which the rule applies. Possible values are ALL, PDF, MS Office, and Windows PE.

You are here
Table of Contents > Malware Analysis References > Services Config View - Indicators of Compromise Tab