Search for threat information based on threat name

On the Indicator Search page, you can search for detailed threat information based on the threat name. This search allows you to discover whether a threat is currently active in your network. If events for the threat are detected, the Indicator Search page shows the total number of events in a graph. You can show events for a specific date range or for the last 24 hours, 7 days, 30 days, or this month. You can also filter events by a specific time of day.

How to

  1. In the Enterprise Center navigation menu, select Threat Analytics > Indicator Search.
  2. In the text box, enter the threat name. If ETP predicts the threat name as you enter it, the name appears in a menu and you can select it.
  3. Review information about the threat.
  4. To modify the search time period, do the following:
    1. Click the calendar icon.
    2. In the window that appears, select the date range you want or choose a predefined period. Then select a start and end time if you want to limit the search to a specific time range.
    3. Click Apply.

What you should see

ETP returns the following information about found events:
  • Definition of threat. Defines the threat and describes how it spreads and affects a network.
  • Also known as. If the threat is known by other names, these names are also listed.
  • Severity level. Indicates the severity level that is associated with the threat. For more about these levels, see Severity levels.
  • Type. Indicates the type of threat. For example, this field indicates if it’s a worm, malware, trojan, or another threat type.
  • External links. For additional information about the threat, external links to resources on the Internet are also provided.
  • Events. If there are events associated with the threat or threat type, a graph appears with a total number of events that occurred during the specified time period.