One cool feature included in AMP4E is the capability of running IoC scans.
Once you’ve rolled out the connector to the users’ computers, you just need to upload the IoC files to your AMP4E dashboard and then choose whether to run a scan on a single computer or on all the computers assigned to a particular policy.
Note that AMP4E doesn’t support STIX, and hashes are MD5 instead of SHA256. The file format is XML. In this respect, there is room for improvement. In my opinion, sooner rather than later Cisco will catch up on this, but so far there is no roadmap as far as I know.
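A pre-upload check for the MD5-only limitation noted above, as an added example that is not part of the original post or of Cisco's tooling: it parses an IoC XML file and reports any hash values that are not MD5. The OpenIOC-style element layout and the hash values in the sample are constructed assumptions; the post only states that the files are XML.

```python
import re
import xml.etree.ElementTree as ET

# Hex digest lengths used to guess the algorithm of a hash-looking value.
DIGEST_LENGTHS = {32: "MD5", 40: "SHA1", 64: "SHA256"}
HEX_ONLY = re.compile(r"[0-9a-fA-F]+")

# Constructed sample: OpenIOC-style layout (assumed), made-up hash values.
SAMPLE_IOC = """
<ioc id="constructed-example">
  <short_description>Constructed sample</short_description>
  <definition>
    <Indicator operator="OR">
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Md5sum"/>
        <Content type="md5">0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
      <IndicatorItem condition="is">
        <Context document="FileItem" search="FileItem/Sha256sum"/>
        <Content type="string">0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
    </Indicator>
  </definition>
</ioc>
"""


def hash_inventory(xml_text):
    """Map algorithm name -> hash values found anywhere in the IoC document."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        raise ValueError(f"IoC file is not well-formed XML: {exc}") from exc
    found = {}
    for elem in root.iter():
        value = (elem.text or "").strip().lower()
        if HEX_ONLY.fullmatch(value) and len(value) in DIGEST_LENGTHS:
            found.setdefault(DIGEST_LENGTHS[len(value)], []).append(value)
    return found


def non_md5_hashes(xml_text):
    """Hash values that need an MD5 of the same file before an MD5-only scan."""
    return {alg: vals for alg, vals in hash_inventory(xml_text).items() if alg != "MD5"}


if __name__ == "__main__":
    for alg, values in non_md5_hashes(SAMPLE_IOC).items():
        for value in values:
            print(f"{alg} value {value} is not MD5")
```

An empty result from `non_md5_hashes` means every hash-looking value in the file is MD5 length; it does not validate the file against any schema.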
You can find the steps below:
Get more info in Cisco’s official documentation here