About Affected Hosts - Host Details Advanced Search Filter

To view specific data, select from the following optional attributes and operators and type an associated value.

Search Filter Criteria: Affected Hosts - Host Details

| Attribute | Operator | Action |
| --- | --- | --- |
| Host Name | Contains/Does not contain | Type a value |
| IP address | Contains/Does not contain | Type a value |
| | In range/Not in range | Type a range |
| MAC address | In/Not in | Type a value |
| Network Group | In/Not in | Select one or more of the following: All groups; Default |
| Registered Services | In/Not in | Select one or more of the following: Active Directory; Authentication Servers - Kerberos; Content Management Server; Database Server; DNS; Domain Controller; File Server; FTP; HTTP Proxy; Radius Server; Security Audit Server; SMTP; SMTP Open Relay; Software Update Server; Web Server |
| Protocol | In/Not in | Select one or more of the following: All protocol types; Desired protocol type(s); Other |
| Transport Layer Security (TLS) | Over SSL/TLS / Not over SSL/TLS | |
| Direction | Equals | Select one of the following: Internal; External |
| Status | Equals | Select one of the following: Resolved; Unresolved |
| Threat/Detection/Reference | Contains/Does not contain/Equals | Type a value |
| Detection Rule ID | In/Not in | Type a value |
| Correlation Rule ID (ICID) | In/Not in | Type a value |
| Detection Type | In/Not in | Select one or more of the following: Malicious Content; Malicious Behavior; Suspicious Behavior; Exploit; Grayware; Malicious URL; Disruptive Application; Correlated Incident |
| Attack Phase | In/Not in | Select one or more of the following: Intelligence Gathering; Point of Entry; C&C Communication; Lateral Movement; Asset/Data Discovery; Data Exfiltration; Unknown Attack Phase |
| C&C List Source | In/Not in | Select one or more of the following: Global Intelligence; Virtual Analyzer; User-defined |
| C&C Callback Address | Contains/Does not contain/Equals | Type a value |
| C&C Risk Level | In/Not in | Select one or more of the following: High; Medium; Low |
| Virtual Analyzer Result | Has analysis results/No analysis results | |
| PCAP File | Has PCAP file/No PCAP file | |
| Is Targeted Attack Related | Yes/No | |
| File Detection Type | In | Select one or more of the following: Highly Suspicious File; Heuristic Detection; Known Malware |
| File Name | Has file name/No file name | |
| | Contains/Does not contain | Type a value |
| File SHA-1 | Has file SHA-1/No file SHA-1 | |
| | Contains/Does not contain | Type a value |
| File SHA-256 | Has file SHA-256/No file SHA-256 | |
| | Contains/Does not contain | Type a value |
| IP Address/Domain/URL | Has network object/No network object | |
| | Contains/Does not contain/Equals | Type a value |
| Suspicious Object/Deny List Entity | Contains/Does not contain/Equals | Type a value |
| Email Address | Has email address/No email address | |
| | Contains/Does not contain | Type a value |
| Message ID (Email) | Has message ID/No message ID | |
| | Contains/Does not contain | Type a value |
| Subject (Email) | Has subject/No subject | |
| | Contains/Does not contain | Type a value |