Threat intelligence can also be used with Redline. Redline can search for IOCs either through a collector or by loading IOCs and searching an existing memory capture. For example, if analysts want to search a memory image for matching IOCs, they first open the memory image. In the lower left-hand corner, click on the IOC Reports tab. This creates a new button titled Create a New IOC Report.
The following window will appear:
Redline can ingest IOCs in the OpenIOC format. Analysts should create a folder on their system to hold the IOC files, as Redline will not read a single ...
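To show what an OpenIOC 1.0 file looks like and how its AND/OR indicator logic is applied to artifacts from a memory image, here is an added example that is not from the book and not Redline's own code. The namespace is the real OpenIOC 1.0 one; the IOC document, the MD5 placeholder and the artifact records are constructed for illustration, and the evaluator is a simplified stand-in for Redline's matching rather than a description of it.

```python
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}  # OpenIOC 1.0 namespace

# Constructed OpenIOC 1.0 definition: hit if a process is named evil.exe, OR a
# file has both the placeholder MD5 and a path under \Windows\Temp\.
SAMPLE_IOC = r"""<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-0001">
<definition><Indicator operator="OR" id="ind-1">
  <IndicatorItem id="i1" condition="is">
    <Context document="ProcessItem" search="ProcessItem/name" type="mir"/>
    <Content type="string">evil.exe</Content></IndicatorItem>
  <Indicator operator="AND" id="ind-2">
    <IndicatorItem id="i2" condition="is">
      <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
      <Content type="md5">00000000000000000000000000000000</Content></IndicatorItem>
    <IndicatorItem id="i3" condition="contains">
      <Context document="FileItem" search="FileItem/FullPath" type="mir"/>
      <Content type="string">\Windows\Temp\</Content></IndicatorItem>
  </Indicator>
</Indicator></definition></ioc>"""

ARTIFACTS = [  # constructed records, shaped like a memory-image parser's output
    {"ProcessItem/name": "explorer.exe"},
    {"ProcessItem/name": "EVIL.EXE"},
    {"FileItem/FullPath": r"C:\Windows\Temp\a.dll", "FileItem/Md5sum": "0" * 32},
    {"FileItem/FullPath": r"C:\Program Files\b.dll", "FileItem/Md5sum": "0" * 32},
]

def _matches(node, artifact):
    """Recursively evaluate an Indicator (AND/OR) or IndicatorItem against one
    artifact dict keyed by OpenIOC search terms; string checks are lowercased."""
    tag = node.tag.split("}")[-1]  # strip the namespace prefix
    if tag == "Indicator":
        results = [_matches(child, artifact) for child in node]
        return all(results) if node.get("operator") == "AND" else any(results)
    search = node.find("ioc:Context", NS).get("search")
    content = (node.find("ioc:Content", NS).text or "").lower()
    value = artifact.get(search)
    if value is None:
        return False  # this artifact type does not carry the field at all
    cond = node.get("condition", "is")
    if cond == "is":
        return value.lower() == content
    if cond == "contains":
        return content in value.lower()
    raise ValueError(f"unsupported OpenIOC condition: {cond}")

def match_ioc(ioc_xml, artifacts):
    top = ET.fromstring(ioc_xml).find("ioc:definition/ioc:Indicator", NS)
    return [a for a in artifacts if _matches(top, a)]
```

Only the process named EVIL.EXE and the file that satisfies both AND terms are returned; the file with the same hash outside \Windows\Temp\ is not.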