Search for threats based on domain

You can complete a domain search from the Dashboard or the Indicator Search page. If a domain is blocked or associated with a threat category, detailed information about the domain appears, including a history of when the domain was first detected and upgraded to a security threat.

If the provided domain is not known to host harmful content, the Indicator Search page shows a graph of DNS activity for the time period you specify.

How to

  1. Go to the Dashboard or the Indicator Search page. From the navigation menu, do one of these steps:
    • Select Monitoring > Dashboard.
    Note: If you are trying Enterprise Threat Protector with the new Enterprise Center interface, you cannot search for a domain on the new dashboard.
    • Select Intelligence > Indicator Search
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Indicator Search.
  2. In the Indicator Search text box, enter a valid domain and press Enter or click the search icon. If the domain is detected to host harmful content, detailed history and information about it appears.
  3. To modify the time period associated with the graphs and domain history:
    • Click the calendar icon and in the calendar, select the date or date range you want. To set a date range, you must select a start date and an end date in the calendar. To filter by a specific time of day, enter the start and end time in a 24-hour clock format.
    • In the menu beside the calendar icon, select one of these date ranges:
      • Last 1 Year
      • All Time
      • This Month
      • Last Month
      • This Year