About Affected Hosts - Host Details Advanced Search Filter

To view specific data, select from the following optional attributes and operators and type an associated value.

Table 1. Search Filter Criteria: Affected Hosts - Host Details

| Attribute | Operator | Action |
|---|---|---|
| Host Name | Contains/Does not contain/Starts with/Equals | Type a value |
| IP Address | Contains/Does not contain/Equals | Type a value |
| | In range/Not in range | Type a range |
| MAC Address | In/Not in | Type a value |
| Network Group | Contains/Does not contain/Equals | Type a value |
| IP Country | In/Not in | Select one or more peer IP countries |
| User Account | Has user account/No user account | |
| | Contains/Does not contain | Type a value |
| Protocol | In/Not in | Select one or more protocols |
| Transport Layer Security (TLS) | Equals | Select one of the following: Over SSL/TLS; Not over SSL/TLS |
| Direction | Equals | Select one of the following: Internal; External |
| Threat/Detection/Reference | Contains/Does not contain/Equals | Type a value |
| Detection Rule ID | In/Not in | Type a value |
| Correlation Rule ID (ICID) | In/Not in | Type a value |
| Detection Type | In/Not in | Select one or more of the following: Malicious Content; Malicious Behavior; Suspicious Behavior; Exploit; Grayware; Malicious URL; Disruptive Application; Correlated Incident |
| Attack Phase | In/Not in | Select one or more of the following: Intelligence Gathering; Point of Entry; C&C Communication; Lateral Movement; Asset/Data Discovery; Data Exfiltration; Unknown Attack Phase |
| URL Category | In/Not in | Select one or more URL categories |
| C&C List Source | In/Not in | Select one or more of the following: Global Intelligence; Virtual Analyzer; User-defined; Relevance Rule |
| C&C Callback Address | Contains/Does not contain | Type a value |
| C&C Risk Level | In/Not in | Select one or more of the following: Low; Medium; High; Unknown |
| Virtual Analyzer Result | Has analysis results/No analysis results | |
| PCAP File | Has PCAP file/No PCAP file | |
| Is Targeted Attack Related | Equals | Select one of the following: Yes; No |
| File Detection Type | In | Select one or more of the following: Highly Suspicious File; Heuristic Detection; Known Malware |
| File Name | Has file name/No file name | |
| | Contains/Does not contain/Equals | Type a value |
| File SHA-1 | Has file SHA-1/No file SHA-1 | |
| | Contains/Does not contain | Type a value |
| File SHA-256 | Has file SHA-256/No file SHA-256 | |
| | Contains/Does not contain | Type a value |
| IP Address/Domain/URL | Contains/Does not contain/Equals | Type a value |
| Suspicious Object/Deny List Entity | Contains/Does not contain/Starts with/Equals | Type a value |
| Sender (Email) | Has sender/No sender | |
| | Equals/Contains/Does not contain | Type a value |
| Recipient (Email) | Has recipient/No recipient | |
| | Equals/Contains/Does not contain | Type a value |
| Message ID (Email) | Has message ID/No message ID | |
| | Contains/Does not contain | Type a value |
| Subject (Email) | Has subject/No subject | |
| | Contains/Does not contain | Type a value |

For details, see the following: