Name (card title)
- The is the indicator itself. See Examples of Good IOCs for examples.
TLP
- Traffic Light Protocol designation for this IOC. Also see: Traffic Light Protocol (TLP)
Indicator Type
- The specific data type of the indicator. Choose from any of the default options, or create your own.
Confidence
- A confidence rating indicating how likely this indicator signals an actual compromise.
Description
- A brief description of this IOC, perhaps containing information as to where it was first spotted and the related incident.
Tags
- An arbitrary set of metadata labels for the IOC. Use as you see fit for reporting or classification.
Files
-
Uploaded file samples to accompany this IOC entry.
<aside> ⚠️
NOTE: Uploading malware to Notion could be problematic. It is recommended to first compress + password protect the sample before uploading. Provide the password in the Description field for this IOC.
</aside>
Related IOCs
- Additional IOCs that are directly related to this one. These links are bidirectional, which relies on an automation tied to a hidden field: Related To.
- A good example would be a piece of malware with the following attributes:
-
File name:
malware.exe -
MD5:
a8f5f167f44f4964e6c998dee827110c -
SHA1:
85136c79cbf9fe36bb9d05d0639c70c265c18d37
Each of these items would be individual IOCs in the IOC Database, however, they are linked to one another. Note, linking in one direction automatically links in the other direction as well.
-