Parsing for Signatures Transcript 00:00:16 Speaker 1 The ThreatQ platform provides you with the ability to parse a file for signatures. 00:00:21 Speaker 1 While importing you have the option for ThreatQ to parse the signatures for indicators as well. 00:00:28 Speaker 1 Once signatures are included in your deployment, you can add contextual information and correlate them with other system objects using the ThreatQ, Threat Library and ThreatQ integrations. 00:00:39 Speaker 1 To import signatures from a file, click on the create button and select signature parser. 00:00:45 Speaker 1 The add signatures form will load. 00:00:48 Speaker 1 Select the type of signature to import. 00:00:52 Speaker 1 Select a source to be assigned to the signatures from the drop down or add a new source using the add new source option. 00:00:59 Speaker 1 Select the signature file to parse. 00:01:02 Speaker 1 There are several different ways to upload a signature file. 00:01:06 Speaker 1 You can click on the, click the browse link to select the file. 00:01:12 Speaker 1 You can drag and drop the signature file onto the form. 00:01:16 Speaker 1 You can also copy and paste the contents of the file directly into the form. 00:01:23 Speaker 1 The parse signature for indicators option will be selected by default. 00:01:27 Speaker 1 This option will parse the extracted signatures for indicators. 00:01:32 Speaker 1 You can leave this option selected or uncheck it. 00:01:35 Speaker 1 Select this status to be applied to the extracted signatures. 00:01:40 Speaker 1 Optionally, you can apply an attribute type value and source to the signatures. 00:01:46 Speaker 1 You can also relate the signature to another system object. 00:01:56 Speaker 1 Click on next. 00:01:57 Speaker 1 Once you have selected your options. 00:01:59 Speaker 1 The import results dialog box will open. 00:02:02 Speaker 1 Click on review to see a list of signatures and indicators. 00:02:06 Speaker 1 If you have selected that option from the file you can click on show details for each signature to review the source code. 00:02:14 Speaker 1 Select the checkboxes next to the objects that are not required and click on remove to remove them from the import process. Once you have finished your review, click on the create button to complete the process. 00:02:27 Speaker 1 The extracted signatures and indicators, if you select that option, will now be included in your ThreatQ Threat Library.