Search for threat information based on threat name

On the Indicator Search page, you can search for detailed threat information based on the threat name. This search lets you determine whether a threat is currently active in your network. If events for the threat are detected, the Indicator Search page shows the total number of events in a graph. You can show events for a specific date range or from the last 24 hours, 7 days, 30 days, or this month. You can also filter events by a specific time of day.

How to

  1. In the navigation menu, select Intelligence > Indicator Search.
    Note: If you are trying the new Enterprise Center interface, in the navigation menu, select Threat Analytics > Indicator Search.
  2. In the text box, enter the threat name. If ETP predicts the threat name as you enter it, the name appears in a menu and you can select it.
  3. Review information about the threat. For more information about the fields that are shown, see Indicator search.
  4. To show events in a graph based on a specific date range:
    1. Click the calendar icon or the provided date range.
    2. Select the first date and then the last date of the range.
  5. To show events that occurred at a specific time of day, enter the start and end times in 24-hour clock format.
  6. To show events in a graph from the last 24 hours, 7 days, 30 days, or this month, select one of these options from the menu that appears beside the calendar icon:
    • Last 24 hours
    • Last 7 days
    • This Month
    • Last 30 days