I want to use the "Cyber Threat Feed" feature of ESM (Enterprise Security Manager) with the help of manual upload of IP addresses or domain names. What are the steps to do it? If IOC files are the only option to upload for backtrace to work, then how can I create IOC files using my list of IP addresses or domain names?
If you want to manually upload IP addresses or domain names, why not use a watchlist?
I know I can upload IP addresses and domain names using a watchlist. I want to learn how I can use the Cyber Threat Feed with the manual upload feature which is available there. How can I convert feeds into IOCs (Indicators of Compromise) in STIX (Structured Threat Information Expression) format, which is the only acceptable format for manual upload?
Here are some samples you can use as a template:
Taken from here: STIX - Samples
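The conversion asked about in this thread, sketched as an added example that is not part of any post above and is not vendor code: it turns a plain list of IP addresses and domain names into one STIX package with an indicator per entry. It assumes STIX 1.1.1 XML with CybOX Address and DomainName objects; the `example` ID prefix, its namespace URL and the function names are placeholders, and the output should be compared against the referenced samples to confirm it matches what your ESM version accepts.

```python
import ipaddress, re, uuid
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

NS = {  # STIX 1.x / CybOX 2.x namespaces
    "stix": "http://stix.mitre.org/stix-1",
    "indicator": "http://stix.mitre.org/Indicator-2",
    "cybox": "http://cybox.mitre.org/cybox-2",
    "AddressObj": "http://cybox.mitre.org/objects#AddressObject-2",
    "DomainNameObj": "http://cybox.mitre.org/objects#DomainNameObject-1",
    "xsi": "http://www.w3.org/2001/XMLSchema-instance",
}
for _prefix, _uri in NS.items():
    ET.register_namespace(_prefix, _uri)
DOMAIN_RE = re.compile(r"^(?=.{1,253}$)([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$", re.I)

def q(prefix, name):  # namespaced tag/attribute name for ElementTree
    return "{%s}%s" % (NS[prefix], name)
def new_id(kind):  # "example" is a placeholder ID prefix (assumption), use your own
    return "example:%s-%s" % (kind, uuid.uuid4())

def add_indicator(parent, value, now):
    try:  # IP address -> CybOX AddressObject
        version = ipaddress.ip_address(value).version
        kind, xtype, tag = "IP Watchlist", "AddressObj:AddressObjectType", q("AddressObj", "Address_Value")
        attrs = {"category": "ipv%d-addr" % version}
    except ValueError:  # otherwise require a syntactically valid domain name
        if not DOMAIN_RE.match(value):
            raise ValueError("not an IP address or domain: %r" % value)
        kind, xtype, tag = "Domain Watchlist", "DomainNameObj:DomainNameObjectType", q("DomainNameObj", "Value")
        attrs = {"type": "FQDN"}
    attrs[q("xsi", "type")] = xtype
    ind = ET.SubElement(parent, q("stix", "Indicator"), {
        "id": new_id("indicator"), "timestamp": now, q("xsi", "type"): "indicator:IndicatorType"})
    ET.SubElement(ind, q("indicator", "Title")).text = "%s: %s" % (kind, value)
    ET.SubElement(ind, q("indicator", "Type")).text = kind
    obs = ET.SubElement(ind, q("indicator", "Observable"), {"id": new_id("Observable")})
    obj = ET.SubElement(obs, q("cybox", "Object"), {"id": new_id("Object")})
    props = ET.SubElement(obj, q("cybox", "Properties"), attrs)
    ET.SubElement(props, tag, {"condition": "Equals"}).text = value

def build_stix(values):  # returns STIX 1.1.1 XML (str), one indicator per IP or domain
    now = datetime.now(timezone.utc).isoformat()
    root = ET.Element(q("stix", "STIX_Package"), {"id": new_id("Package"), "version": "1.1.1",
        "timestamp": now, "xmlns:example": "http://example.com"})  # declares the ID prefix
    indicators = ET.SubElement(root, q("stix", "Indicators"))
    for value in filter(None, (v.strip() for v in values)):
        add_indicator(indicators, value, now)
    return ET.tostring(root, encoding="unicode")
```

Call `build_stix()` with the lines of your feed file and write the returned string to an `.xml` file for upload; entries that are neither a valid IP address nor a well-formed domain raise `ValueError` instead of producing a malformed indicator.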