All Detections Advanced Search Filter

Use the advanced search filter to create and apply customized searches.

Note: Each advanced search filter can contain:
  • A maximum of 20 criteria sets
  • A maximum of 1024 characters in each text-based value field
You can save up to 50 advanced search filters.

To view specific data, select from the following optional attributes and operators, and type or select an associated value.

Search Filter Criteria: All Detections

Each entry below lists the attribute, the operators it supports, the action required (type a value, type a range, or select from a list), and an example value where one applies.

Host Name
  Operator: Contains / Does not contain
  Action: Type a value
  Example: computer.example.com

IP Address
  Operator: Contains / Does not contain
  Action: Type a value
  Operator: In range / Not in range
  Action: Type a range
  Example: 10.1.1.2

MAC Address
  Operator: In / Not in
  Action: Type a value
  Example: AA:AA:AA:AA:AA:AA

Network Group
  Operator: In / Not in
  Action: Select one or more of the following:
  • All groups
  • Default

Registered Services
  Operator: In / Not in
  Action: Select one or more of the following:
  • Active Directory
  • Authentication Servers - Kerberos
  • Content Management Server
  • Database Server
  • DNS
  • Domain Controller
  • File Server
  • FTP
  • HTTP Proxy
  • Radius Server
  • Security Audit Server
  • SMTP
  • SMTP Open Relay
  • Software Update Server
  • Web Server

Protocol
  Operator: In / Not in
  Action: Select one or more of the following:
  • All protocol types
  • The specific protocol type(s) you want
  • Other

Transport Layer Security (TLS)
  Operator: Over SSL/TLS / Not over SSL/TLS
  Action: None (the operator itself is the criterion)

Direction
  Operator: Equals
  Action: Select one of the following:
  • Internal
  • External

Status
  Operator: Equals
  Action: Select one of the following:
  • Resolved
  • Unresolved

Threat/Detection/Reference
  Operator: Contains / Does not contain / Equals
  Action: Type a value
  Example: VAN_RANSOMWARE.UMXX

Detection Rule ID
  Operator: In / Not in
  Action: Type a value (single IDs or ranges, comma-separated)
  Example: 707-710, 721-727

Correlation Rule ID (ICID)
  Operator: In / Not in
  Action: Type a value (single IDs or ranges, comma-separated)
  Example: 707-710, 721-727

Detection Type
  Operator: In / Not in
  Action: Select one or more of the following:
  • Malicious Content
  • Malicious Behavior
  • Suspicious Behavior
  • Exploit
  • Grayware
  • Malicious URL
  • Disruptive Application
  • Correlated Incident

Attack Phase
  Operator: In / Not in
  Action: Select one or more of the following:
  • Intelligence Gathering
  • Point of Entry
  • C&C Communication
  • Lateral Movement
  • Asset/Data Discovery
  • Data Exfiltration
  • Unknown Attack Phase

YARA Rule File/YARA Rule
  Operator: Contains / Equals
  Action: Type a value
  Example: myYARAFile
  Operator: Has YARA detection
  Action: None (the operator itself is the criterion)

C&C List Source
  Operator: In / Not in
  Action: Select one or more of the following:
  • Global Intelligence
  • Virtual Analyzer
  • User-defined
  • Relevance Rule

C&C Callback Address
  Operator: Contains / Does not contain / Equals
  Action: Type a value
  Example: computer.example.com

C&C Risk Level
  Operator: In / Not in
  Action: Select one or more of the following:
  • High
  • Medium
  • Low

Virtual Analyzer Result
  Operator: Has analysis results / No analysis results
  Action: None (the operator itself is the criterion)

PCAP File
  Operator: Has PCAP file / No PCAP file
  Action: None (the operator itself is the criterion)

Is Targeted Attack Related
  Operator: Yes / No
  Action: None (the operator itself is the criterion)

File Detection Type
  Operator: In
  Action: Select one or more of the following:
  • Highly Suspicious File
  • Heuristic Detection
  • Known Malware

File Name
  Operator: Has file name / No file name
  Action: None (the operator itself is the criterion)
  Operator: Contains / Does not contain
  Action: Type a value
  Example: myFile

File SHA-1
  Operator: Has file SHA-1 / No file SHA-1
  Action: None (the operator itself is the criterion)
  Operator: Contains / Does not contain
  Action: Type a value
  Example: 5bf1fd927dfb8679496a2e6cf00cbe50c1c87145

File SHA-256
  Operator: Has file SHA-256 / No file SHA-256
  Action: None (the operator itself is the criterion)
  Operator: Contains / Does not contain
  Action: Type a value
  Example: 8b7df143d91c716ecfa5fc1730022f6b421b05cedee8fd52b1fc65a96030ad52

IP Address/Domain/URL
  Operator: Has network object / No network object
  Action: None (the operator itself is the criterion)
  Operator: Contains / Does not contain / Equals
  Action: Type a value
  Example: 10.1.1.2

Suspicious Object/Deny List Entity
  Operator: Contains / Does not contain / Equals
  Action: Type a value
  Example: 5bf1fd927dfb8679496a2e6cf00cbe50c1c87145

Email Address
  Operator: Has email address / No email address
  Action: None (the operator itself is the criterion)
  Operator: Contains / Does not contain
  Action: Type a value
  Example: example@example.com

Message ID (Email)
  Operator: Has message ID / No message ID
  Action: None (the operator itself is the criterion)
  Operator: Contains / Does not contain
  Action: Type a value
  Example: 950124.162336@example.com

Subject (Email)
  Operator: Has subject / No subject
  Action: None (the operator itself is the criterion)
  Operator: Contains / Does not contain
  Action: Type a value
  Example: mySubject
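The following Python evaluator is an added example, not Trend Micro's code or the product's implementation. It applies criteria shaped like the rows above to constructed detection records: it expands the rule ID list syntax shown for Detection Rule ID (707-710, 721-727), evaluates IP Address In range against a start-end pair or CIDR block, treats the Has/No operators as presence checks, and enforces the 20-criteria-set and 1024-character limits from the note at the top of this page. The record field names, case-insensitive substring matching for Contains, inclusive ranges, the accepted range syntax, and the AND-combination of criteria are assumptions; the product's exact matching semantics may differ.

```python
# Added example, not product code. Field names, case-insensitive substring
# matching, inclusive ranges and AND-combination of criteria are assumptions.
import ipaddress

MAX_CRITERIA_SETS = 20   # limit stated on the page
MAX_TEXT_LENGTH = 1024   # limit stated on the page


def parse_id_list(text):
    """Expand a rule ID list such as '707-710, 721-727' into a set of ints.
    Ranges are taken as inclusive (assumption; the page only shows the syntax)."""
    ids = set()
    for part in text.split(","):
        part = part.strip()
        if not part:
            continue
        if "-" in part:
            lo, hi = (int(p) for p in part.split("-", 1))
            if lo > hi:
                raise ValueError(f"descending range: {part!r}")
            ids.update(range(lo, hi + 1))
        else:
            ids.add(int(part))
    return ids


def ip_in_range(ip, ip_range):
    """True if ip lies in 'start-end' (inclusive) or in a CIDR block (assumed syntax)."""
    addr = ipaddress.ip_address(ip)
    if "/" in ip_range:
        return addr in ipaddress.ip_network(ip_range, strict=False)
    lo, hi = (ipaddress.ip_address(p.strip()) for p in ip_range.split("-", 1))
    return lo <= addr <= hi


def filter_problems(criteria):
    """Return the limit violations for a filter (empty list means it is within limits)."""
    problems = []
    if len(criteria) > MAX_CRITERIA_SETS:
        problems.append(f"more than {MAX_CRITERIA_SETS} criteria sets")
    for attr, _op, value in criteria:
        if isinstance(value, str) and len(value) > MAX_TEXT_LENGTH:
            problems.append(f"{attr}: text value longer than {MAX_TEXT_LENGTH} characters")
    return problems


def matches(criterion, detection):
    """Evaluate one (attribute, operator, value) criterion against a detection record."""
    attr, op, value = criterion
    present = detection.get(attr)
    text = "" if present is None else str(present)
    if op == "contains":
        return value.lower() in text.lower()
    if op == "does not contain":
        return value.lower() not in text.lower()
    if op == "equals":
        return present == value
    if op == "in":
        return present in value
    if op == "not in":
        return present not in value
    if op == "in range":
        return present is not None and ip_in_range(present, value)
    if op == "not in range":
        return present is None or not ip_in_range(present, value)
    if op == "has":           # e.g. Has file SHA-1, Has PCAP file
        return bool(present)
    if op == "no":            # e.g. No file SHA-1, No PCAP file
        return not present
    raise ValueError(f"unknown operator: {op!r}")


def apply_filter(criteria, detections):
    """Return the detections satisfying every criterion (criteria are ANDed, an assumption)."""
    problems = filter_problems(criteria)
    if problems:
        raise ValueError("; ".join(problems))
    return [d for d in detections if all(matches(c, d) for c in criteria)]


# Constructed sample records; the field names are illustrative, not the product's schema.
SAMPLE_DETECTIONS = [
    {"host_name": "computer.example.com", "ip_address": "10.1.1.2",
     "detection_rule_id": 708, "attack_phase": "C&C Communication",
     "file_sha1": "5bf1fd927dfb8679496a2e6cf00cbe50c1c87145", "status": "Unresolved"},
    {"host_name": "fileserver.example.com", "ip_address": "10.1.2.40",
     "detection_rule_id": 725, "attack_phase": "Lateral Movement",
     "file_sha1": None, "status": "Unresolved"},
    {"host_name": "dmz-proxy.example.org", "ip_address": "192.0.2.15",
     "detection_rule_id": 900, "attack_phase": "Point of Entry",
     "file_sha1": None, "status": "Resolved"},
]

# Unresolved C&C / lateral-movement hits from rules 707-710 and 721-727 on internal hosts.
EXAMPLE_FILTER = [
    ("status", "equals", "Unresolved"),
    ("detection_rule_id", "in", parse_id_list("707-710, 721-727")),
    ("attack_phase", "in", {"C&C Communication", "Lateral Movement"}),
    ("ip_address", "in range", "10.1.0.0/16"),
    ("host_name", "contains", "example.com"),
]


def example_hits():
    """Host names of the sample detections that match EXAMPLE_FILTER."""
    return [d["host_name"] for d in apply_filter(EXAMPLE_FILTER, SAMPLE_DETECTIONS)]


if __name__ == "__main__":
    print(example_hits())
```

Running the block prints the two internal, unresolved hosts; the DMZ proxy record is excluded by the Status criterion alone, and it would also fail the rule ID and IP range criteria. Note that Contains on a hash field matches substrings, so a partial SHA-1 or SHA-256 will match every hash that contains it; use Equals (where offered) or the full hash when you need an exact match.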