You can enable the IOC module for a profile and configure which events are transmitted to the Qualys Cloud Platform.
(1) Toggle Enable IOC module for this profile to ON. This is required for IOC data collection to occur.
(2) Configure which IOC artifacts are transmitted to the Qualys Cloud Platform. Defaults are provided as shown, so this step is optional. You can configure values for process mutex, registry, and file location groups 1-2. Toggle a configuration setting to ON before using it. You must set at least one configuration setting to ON if you have enabled IOC for this profile.
Tip - We recommend you set up asset tags for your IOC assets using AssetView. This makes it easy to associate IOC assets with a CA configuration profile enabled for IOC.
(IOC settings are available only when IOC is enabled for your subscription)
The configuration settings define the time lapse after which the following types of IOC events are transmitted to the Qualys Cloud Platform:
Process Mutex - Events related to running processes and mutexes
Registry - Events related to likely registry locations indicating the presence of malware
File Locations Group 1 - Events specific to user file paths such as C:\Users\*
File Locations Group 2 - Events specific to system file paths such as C:\Program Files\*, C:\Program Files (x86)\*, or C:\Windows\*
File Locations Group 3 - This setting is not supported at this time.