To view specific data, select from the following optional attributes and operators and type an associated value.

| Attribute | Operator | Action |
|---|---|---|
| Peer Host | Contains/Does not contain/Starts with/Equals | Type a value |
| Peer IP Address | Contains/Does not contain/Equals | Type a value |
| | In range/Not in range | Type a range |
| Peer MAC Address | In/Not in | Type a value |
| Peer Network Group | Contains/Does not contain/Equals | Type a value |
| Peer IP Country/Region | In/Not in | Select one or more peer IP countries |
| User Account | Has user account/No user account | |
| | Contains/Does not contain | Type a value |
| Protocol | In/Not in | Select one or more protocols |
| Transport Layer Security (TLS) | Equals | Select one of the following: |
| Direction | Equals | Select one of the following: |
| Threat/Detection/Reference | Contains/Does not contain/Starts with/Equals | Type a value |
| Detection Rule ID | In/Not in | Type a value |
| YARA Rule File Name | Has YARA rule file name/No YARA rule file name | |
| | Contains/Does not contain/Equals | Type a value |
| Correlation Rule ID (ICID) | In/Not in | Type a value |
| Detection Type | In/Not in | Select one or more of the following: |
| Attack Phase | In/Not in | Select one or more of the following: |
| Tactics | Has tactics/No tactics | |
| | In/Not in | Select one or more of the following: |
| URL Category | In/Not in | Select one or more URL categories: |
| C&C List Source | In/Not in | Select one or more of the following: |
| C&C Callback Address | Contains/Does not contain/Equals | Type a value |
| C&C Risk Level | In/Not in | Select one or more of the following: |
| Virtual Analyzer Result | Has analysis results/No analysis results | |
| PCAP File | Has PCAP file/No PCAP file | |
| Is Targeted Attack Related | Equals | Select one of the following: |
| File Detection Type | In | Select one or more of the following: |
| File Path/File Name | Has file name/No file name | |
| | Contains/Does not contain/Equals | Type a value |
| File SHA-1 | Has file SHA-1/No file SHA-1 | |
| | Contains/Does not contain | Type a value |
| File SHA-256 | Has file SHA-256/No file SHA-256 | |
| | Contains/Does not contain | Type a value |
| Domain/URL | Has network object/No network object | |
| | Contains/Does not contain/Equals | Type a value |
| Suspicious Object/Deny List Entity/User-Defined SO | Contains/Does not contain/Starts with/Equals | Type a value |
| Sender (Email) | Has sender/No sender | |
| | Contains/Does not contain/Equals | Type a value |
| Recipient (Email) | Has recipient/No recipient | |
| | Contains/Does not contain/Equals | Type a value |
| Message ID (Email) | Has message ID/No message ID | |
| | Contains/Does not contain | Type a value |
| Subject (Email) | Has subject/No subject | |
| | Contains/Does not contain | Type a value |

For details, see the following: