Views:

To view specific data, select from the following optional attributes and operators and type an associated value.

Table 1. Search Filter Criteria: Affected Hosts - Host Details

Attribute

Operator

Action

Peer Host

Contains/Does not contain/Starts with/Equals

Type a value

Peer IP Address

Contains/Does not contain/Equals

Type a value

In range/Not in range

Type a range

Peer MAC Address

In/Not in

Type a value

Peer Network Group

Contains/Does not contain/Equals

Type a value

Peer IP Country/Region

In/Not in

Select one or more peer IP countries

User Account

Has user account/No user account

  

Contains/Does not contain

Type a value

Protocol

In/Not in

Select one or more protocols

Transport Layer Security (TLS)

Equals

Select one of the following:

  • Over SSL/TLS

  • Not over SSL/TLS

Direction

Equals

Select one of the following:

  • Internal

  • External

Threat/Detection/Reference

Contains/Does not contain/Starts with/Equals

Type a value

Detection Rule ID

In/Not in

Type a value

YARA Rule File Name

Has YARA rule file name/No YARA rule file name

  

Contains/Does not contain/Equals

Type a value

Correlation Rule ID (ICID)

In/Not in

Type a value

Detection Type

In/Not in

Select one or more of the following:

  • Malicious Content

  • Malicious Behavior

  • Suspicious Behavior

  • Exploit

  • Grayware

  • Malicious URL

  • Disruptive Application

  • Correlated Incident

Attack Phase

In/Not in

Select one or more of the following:

  • Intelligence Gathering

  • Point of Entry

  • C&C Communication

  • Lateral Movement

  • Asset/Data Discovery

  • Data Exfiltration

  • Unknown Attack Phase

Tactics

Has tactics/No tactics

  

In/Not in

Select one or more of the following:

  • Initial Access

  • Execution

  • Persistence

  • Privilege Escalation

  • Defense Evasion

  • Credential Access

  • Discovery

  • Lateral Movement

  • Collection

  • Exfiltration

  • Command and Control

  • Impact

URL Category

In/Not in

Select one or more URL categories:

  • Adware

  • C&C Server

  • Disease Vector

  • Coin Miners

  • Illegal or Prohibited Content

  • Malicious Domain

  • Malware Accomplice

  • Phishing

  • Proxy Avoidance and Anonymizers

  • Ransomware

  • Scam

  • Spyware

C&C List Source

In/Not in

Select one or more of the following:

  • Global Intelligence

  • Virtual Analyzer

  • User-defined

  • Relevance Rule

C&C Callback Address

Contains/Does not contain/Equals

Type a value

C&C Risk Level

In/Not in

Select one or more of the following:

  • Low

  • Medium

  • High

Virtual Analyzer Result

Has analysis results/No analysis results

PCAP File

Has PCAP file/No PCAP file

Is Targeted Attack Related

Equals

Select one of the following:

  • Yes

  • No

File Detection Type

In

Select one or more of the following:

  • Highly Suspicious File

  • Heuristic Detection

  • Known Malware

File Path/File Name

Has file name/No file name

  

Contains/Does not contain/Equals

Type a value

File SHA-1

Has file SHA-1/No file SHA-1/

  

Contains/Does not contain

Type a value

File SHA-256

Has file SHA-256/No file SHA-256

  

Contains/Does not contain

Type a value

Domain/URL

Has network object/No network object

  

Contains/Does not contain/Equals

Type a value

Suspicious Object/Deny List Entity/User-Defined SO

Contains/Does not contain/Stars with/Equals

Type a value

Sender (Email)

Has sender/No sender

  

Contains/Does not contain/Equals

Type a value

Recipient (Email)

Has recipient/No recipient

  

Contains/Does not contain/Equals

Type a value

Message ID (Email)

Has message ID/No message ID

  

Contains/Does not contain

Type a value

Subject (Email)

Has subject/No subject

  

Contains/Does not contain

Type a value

For details, see the following:

Parent topic: Affected Hosts Advanced Search Filter