Filter domain history

If you search for a domain and it hosts harmful content, information about the domain, including a history of how the domain is tracked by Enterprise Threat Protector, appears on the Indicator Search page.

You can also review and filter domain history when viewing More Details or domain information in the Threat Events or AUP Events reports. The options available on these page either direct you to the Indicator Search page or provide information in a separate window.

You can filter domain history to locate entries that match specific keywords or terms.

How to

  1. If you are on the Dashboard or the Indicator Search page, search for a domain and go to step 3. For instructions see Search for a Domain.
    Note: If you are trying ETP with the new Enterprise Center interface, you cannot search for a domain. This functionality is available only in the original ETP user interface. To learn more about the new dashboard, see New Dashboard.
  2. To view domain history from a domain in the Threat Events or AUP Events report:
    1. In the navigation menu, select Monitoring > Events.
      Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Events.
    2. Select Threat Events or AUP Events.
    3. Filter the events as needed. For instructions, see Filter event data and Filter data based on date and time.
    4. If you haven’t done so already, click the Domain dimension, and do one of the following:
      • If the domain you want to view the history of is listed in the Top 6 domains, hover over the domain and click Domain Details. When hovering over the domain, you can also click the menu icon and click More Details. You are redirected to the Indicator Search page.
      • If the domain you want to view the history of is listed in the events grouped by domain area, click the information icon. The Indicator of Compromise (IOC) Details appear in a separate window. Otherwise, you can also click the domain and select More Details from the menu to go to the Indicator Search page. The domain history appears in the Changes & Graphs section.
  3. In the Search Domain History box, type a keyword or term that you want to use and press Enter. The search results appear.