Type | Item |
---|---|
FQDN / IP address / Hostname | Specify the remote endpoint FQDN, IP address, or hostname to identify network connections that the investigated endpoint made. Note: The IPv6 format is not supported. Examples: |
User name | Specify the name of the Active Directory account or local user. Examples: Note: Use the local user account name only (<user name>). Do not include the domain name. |
File name | Specify the full file name including extension. Example: |
File hash value | Specify the hash value of a file. Example: |
File directory | Specify the full path excluding file name. Example: Note: Do not include the file name. |
Registry key | Specify the full or partial registry key, value name, or value data. Note: Examples: |
Registry value name | |
Registry value data | |
CLI command | Specify the command line parameters. Note: Using command line as investigation criteria has the following limitations: Examples: |