IOC Detection
One of EdgeRun.Ai's most powerful features is automatic IOC (Indicator of Compromise) detection. The Chrome extension scans web pages in real time to identify potential security indicators.
What Are IOCs?
Indicators of Compromise are artifacts observed on a network or system that indicate a potential intrusion or malicious activity. Common IOCs include:
- IP Addresses - Network addresses of malicious servers
- Domain Names - Malicious or compromised websites
- URLs - Specific malicious links
- File Hashes - Unique identifiers for malware files
- Email Addresses - Used in phishing or C2 communication
Automatic Detection
The EdgeRun.Ai extension automatically scans pages for the following IOC types:
| IOC Type | Pattern | Example |
|---|---|---|
| IPv4 | Standard dotted decimal | 192.168.1.1 |
| IPv6 | Colon-separated hexadecimal | 2001:0db8:85a3::8a2e:0370:7334 |
| Domain | FQDN format | malware.example.com |
| URL | HTTP/HTTPS links | https://bad.com/malware.exe |
| MD5 | 32 hex characters | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | 40 hex characters | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | 64 hex characters | e3b0c44298fc1c149afbf4c8996fb924... |
| Email | Standard email format | attacker@malicious.com |
Using the IOC Scanner
Navigate to a Page
Go to any webpage containing potential IOCs - threat reports, blog posts, security articles, etc.
Click the Extension Icon
Click the EdgeRun.Ai shield icon in your Chrome toolbar to open the extension popup.
Scan for IOCs
Click "Scan for IOCs" or "Detect Indicators". The extension will analyze the page content.
Review Results
View the detected IOCs categorized by type. Each IOC shows its value and where it was found on the page.
Add to Investigation
Select the IOCs you want to keep and add them to an investigation with one click.
IOC Enrichment
When you add IOCs to an investigation, EdgeRun.Ai automatically enriches them with threat intelligence:
🌍 Geolocation
IP addresses are mapped to geographic locations, countries, and cities.
🏢 ASN Information
Autonomous System Number and organization ownership for IP addresses.
⚠️ Reputation Scores
Threat scores from AbuseIPDB, AlienVault OTX, and other sources.
📋 WHOIS Data
Domain registration information including registrar, dates, and contacts.
🔗 DNS Records
A, AAAA, MX, NS, and other DNS record types for domains.
🦠 Malware Info
File hash lookups against malware databases and sample information.
Defanged IOCs
EdgeRun.Ai automatically recognizes "defanged" IOCs - indicators that have been modified to prevent accidental clicks or execution:
| Defanged Format | Recognized As |
|---|---|
| hxxp:// or hxxps:// | HTTP/HTTPS URL |
| example[.]com | Domain name |
| 192[.]168[.]1[.]1 | IPv4 address |
| example[dot]com | Domain name |
| user[@]example.com | Email address |
Manual IOC Entry
You can also manually add IOCs that weren't automatically detected:
- Open your investigation in the Hunter Portal
- Click "Add IOC" or "+" button
- Select the IOC type from the dropdown
- Enter the IOC value
- Add optional notes or tags
- Click "Save"
Selector Search
Use the Selector Search feature to quickly look up any IOC:
- Navigate to "Selectors" in the Hunter Portal
- Enter an IP, domain, hash, or other IOC
- View aggregated results from all integrated sources
- Add interesting findings to an investigation
Bulk IOC Import
Need to import many IOCs at once? EdgeRun.Ai supports bulk import:
- Prepare a list of IOCs (one per line)
- Go to your investigation
- Click "Bulk Import"
- Paste your IOC list
- EdgeRun.Ai will automatically categorize and add them
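As an added example (not EdgeRun.Ai's own code), the following JavaScript refangs the forms from the Defanged IOCs table and then categorizes a one-per-line bulk-import list by the IOC types listed in the detection table. The regular expressions are simplified assumptions of mine, not the extension's actual patterns.

```javascript
// Added example, not EdgeRun.Ai's own code: refang defanged indicators and
// classify each line of a bulk-import list with the pattern families above.
const IPV4 = /^(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)$/;
const URL = /^https?:\/\/\S+$/i;
const EMAIL = /^[^\s@]+@(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;
const DOMAIN = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;
const HASH_TYPES = { 32: "MD5", 40: "SHA1", 64: "SHA256" };

// Undo the defanging conventions from the table above (hxxp, [.], [dot], [@]).
function refang(text) {
  return text
    .replace(/hxxp(s?):\/\//gi, "http$1://")
    .replace(/\[\.\]|\[dot\]/gi, ".")
    .replace(/\[@\]/g, "@");
}

// Check order matters: hashes by length, then IPv4, URL, email, and only then
// bare domain, because the FQDN pattern is the loosest of the set.
function classify(token) {
  const value = refang(token.trim());
  if (/^[0-9a-f]+$/i.test(value) && HASH_TYPES[value.length]) {
    return { type: HASH_TYPES[value.length], value: value.toLowerCase() };
  }
  if (IPV4.test(value)) return { type: "IPv4", value };
  if (URL.test(value)) return { type: "URL", value };
  if (EMAIL.test(value)) return { type: "Email", value };
  // "malware.exe" also satisfies FQDN format: verify before acting on it.
  if (DOMAIN.test(value)) return { type: "Domain", value };
  return { type: "Unknown", value };
}

// One IOC per line, as the bulk-import step expects; blank lines are skipped.
function bulkClassify(text) {
  const groups = {};
  for (const line of text.split(/\r?\n/)) {
    if (!line.trim()) continue;
    const { type, value } = classify(line);
    (groups[type] = groups[type] || []).push(value);
  }
  return groups;
}

// Constructed sample list mixing defanged and plain indicators.
const SAMPLE = [
  "hxxps://bad[.]com/malware.exe", "192[.]168[.]1[.]1", "user[@]example.com",
  "example[dot]com", "d41d8cd98f00b204e9800998ecf8427e", "", "just some text",
].join("\n");
console.log(bulkClassify(SAMPLE));
```

The Unknown bucket is where a reviewer should look first, since it holds lines the patterns could not place rather than silently dropping them.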
IOC Best Practices
- Verify before acting - IOCs can have false positives; always verify context
- Check reputation scores - High confidence scores are more reliable
- Note the source - Where you found the IOC matters for attribution
- Use enrichment data - Geolocation and ASN info provide valuable context
- Build IOC libraries - Maintain curated lists for your team
- Watch for pivots - One IOC often leads to related indicators