Search for threats based on domain
You can complete a domain search on the
Indicator Search page or the Dashboard. If a domain is blocked or associated with a threat
category, detailed information about the domain appears, including a history of when the
domain was first detected and upgraded to a security threat.
If the domain does not host harmful content, the indicator search only shows a graph with DNS activity for the time period you selected.
Note: If you believe a domain is misclassified, ETP allows you to
report the domain to our analysts. For more information see Report a misclassified domain.
How to
What you should see
- A graph illustrating the number of DNS requests that occurred for the domain in the specified time period.
- A table showing the complete history of the domain as tracked by Enterprise Threat Protector (ETP). For example, the table shows when the application began tracking the domain as a threat.
- Additional information about the domain as described in Indicator Search: Additional Domain Information.
- If the domain is associated with a specific threat, the name of the threat appears. You can hover over the threat name to read more information about the threat. The window that appears provides a threat description, the severity level, external links, and a graph with the number of events related to this threat from the last 30 days.