Network Detections Advanced Search Filter

Views:

To view specific data, select from the following optional attributes and operators, and type an associated value.

Search Criteria: Network Detections

Attribute	Operator	Action
Host Name	Contains/Does not contain/Starts with/Equals	Type a value
Interested Host	Contains/Does not contain/Starts with/Equals	Type a value
Peer Host	Contains/Does not contain/Starts with/Equals	Type a value
IP Address	Contains/Does not contain/Equals	Type a value
IP Address	In range/Not in range	Type a range
Interested IP Address	Contains/Does not contain/Equals	Type a value
Interested IP Address	In range/Not in range	Type a range
Peer IP Address	Contains/Does not contain/Equals	Type a value
Peer IP Address	In range/Not in range	Type a range
Peer IP Country/Region	In/Not in	Select one or more peer IP countries
MAC Address	In/Not in	Type a value
Network Group	Contains/Does not contain/Equals	Type a value
User Account	Has user account/No user account
User Account	Contains/Does not contain	Type a value
Protocol	In/Not in	Select one or more protocols
Transport Layer Security (TLS)	Equals	Select one of the following: Over SSL/TLS Not over SSL/TLS
Direction	Equals	Select one of the following: Internal External
Threat/Detection/Reference	Contains/Does not contain/Equals	Type a value
Detection Rule ID	In/Not in	Type a range
YARA Rule File Name	Has YARA rule file name/No YARA rule file name
YARA Rule File Name	Contains/Does not contain/Equals	Type a value
Correlation Rule ID (ICID)	In/Not in	Type a value
Detection Type	In/Not in	Select one or more of the following: Malicious Content Malicious Behavior Suspicious Behavior Exploit Grayware Malicious URL Disruptive Application Correlated Incident
Attack Phase	In/Not in	Select one or more of the following: Intelligence Gathering Point of Entry C&C Communication Lateral Movement Asset/Data Discovery Data Exfiltration Unknown Attack Phase
Tactics	Has tactics/No tactics
Tactics	In/Not in	Select one or more of the following: Initial Access Execution Persistence Privilege Escalation Defense Evasion Credential Access Discovery Lateral Movement Collection Exfiltration Command and Control Impact
URL Category	In/Not in	Select one or more URL categories
C&C List Source	In/Not in	Select one or more of the following: Global Intelligence Virtual Analyzer User-defined Relevance Rule
C&C Callback Address	Contains/Does not contain	Type a value
C&C Risk Level	In/Not in	Select one or more of the following: Low Medium High Unknown
Virtual Analyzer Result	Has analysis results/No analysis results
PCAP File	Has PCAP file/No PCAP file
Is Targeted Attack Related	Equals	Select one of the following: Yes No
File Detection Type	In	Select one or more of the following: Highly Suspicious File Heuristic Detection Known Malware
File Path/File Name	Has file name/No file name
File Path/File Name	Contains/Does not contain/Equals	Type a value
File SHA-1	Has file SHA-1/No file SHA-1/
File SHA-1	Contains/Does not contain	Type a value
File SHA-256	Has file SHA-256/No file SHA-256
File SHA-256	Contains/Does not contain	Type a value
Domain/URL	Contains/Does not contain/Equals	Type a value
Suspicious Object/Deny List Entity/User-Defined SO	Contains/Does not contain/Starts with/Equals	Type a value
Sender (Email)	Has sender/No sender
Sender (Email)	Equals/Contains/Does not contain	Type a value
Recipient (Email)	Has recipient/No recipient
Recipient (Email)	Equals/Contains/Does not contain	Type a value
Message ID (Email)	Has message ID/No message ID
Message ID (Email)	Contains/Does not contain	Type a value
Subject (Email)	Has subject/No subject
Subject (Email)	Contains/Does not contain	Type a value

For details, see the following: