Endpoint Threat Hunting


On this page, you can create and manage Endpoint Threat Hunting (ETH) searches. You can also view the table of all blocked hashes and unblock a hash.
To add a search, do the following:

  1. Go to Configurations > Endpoint Threat Hunting.
  2. The list of searches that are already added appears. Click the Add button. The Add Search dialog appears.
  3. Enter Search Name and Description.
  4. Select an Action from the list: Quarantine, Quarantine and Block, Delete, or No action. Quarantine and Block also adds the matching hash to the Blocked Hashes table, where it stays blocked for 15 days.
  5. Select Search Mode.
    a. Manual Search is selected by default. With Manual Search, you can search 1 to 5 hashes at a time.
    b. Enter the hash code that you want to search in the text box. The Hash Type of the code is detected and shown in the corresponding box.
    c. Click +Add Entry to add another search entry.
    You can enter a maximum of 5 search entries in Manual Search mode.
    You can delete a search entry with the delete icon next to that entry.
  6. If you want to search more than 5 hashes, select Bulk Search as the Search Mode.
    a. Download the CSV template from the link.
    b. Enter the hash codes that you want to search in the CSV file, following the template layout.
    c. Save the file. The file size must be 1 MB or less.
    d. Click Upload CSV file to upload the file. The file name appears when the upload succeeds.
  7. Click Save.
    The search is saved in the Existing Scan table.
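The page does not give the layout of the CSV template or the rule the product uses to detect Hash Type, so the script below is an added helper, not product code, and makes two labelled assumptions: the template has a single header column named "Hash", and the type is inferred from digest length (32 hex characters = MD5, 40 = SHA1, 64 = SHA256). It validates and de-duplicates a list of hashes, splits them into batches that fit one Manual Search dialog (5 entries), builds the Bulk Search CSV, and refuses to write a file over the 1 MB upload limit. The sample input is constructed.

```python
"""Prepare hash lists for an ETH search (added example, not product code).

Assumptions (not stated on the page): the CSV template has one header column
named "Hash", and Hash Type is inferred from digest length.
"""
import csv
import hashlib
import io
import re
from pathlib import Path
from typing import List, Optional, Tuple

HEX_RE = re.compile(r"[0-9a-fA-F]+")
HASH_TYPES = {32: "MD5", 40: "SHA1", 64: "SHA256"}  # assumed length rule
MANUAL_LIMIT = 5                 # page: 1 to 5 entries per Manual Search
BULK_LIMIT_BYTES = 1024 * 1024   # page: CSV must be 1 MB or less
CSV_COLUMN = "Hash"              # assumed template header


def hash_type(value: str) -> Optional[str]:
    """Return MD5/SHA1/SHA256 for a well-formed hex digest, else None."""
    v = value.strip()
    if not HEX_RE.fullmatch(v):
        return None
    return HASH_TYPES.get(len(v))


def normalize(values: List[str]) -> Tuple[List[str], List[str]]:
    """Lower-case, validate and de-duplicate; return (accepted, rejected)."""
    good, rejected, seen = [], [], set()
    for raw in values:
        v = raw.strip().lower()
        if hash_type(v) is None:
            rejected.append(raw)      # not a digest the product would accept
            continue
        if v not in seen:             # same hash in different case counts once
            seen.add(v)
            good.append(v)
    return good, rejected


def manual_batches(hashes: list) -> List[list]:
    """Split into batches that each fit one Manual Search dialog (max 5)."""
    return [hashes[i:i + MANUAL_LIMIT] for i in range(0, len(hashes), MANUAL_LIMIT)]


def build_bulk_csv(hashes: List[str]) -> bytes:
    """Render the Bulk Search CSV and enforce the 1 MB size limit."""
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\n")
    writer.writerow([CSV_COLUMN])
    for h in hashes:
        writer.writerow([h])
    data = buf.getvalue().encode("utf-8")
    if len(data) > BULK_LIMIT_BYTES:
        raise ValueError(f"CSV is {len(data)} bytes, over the 1 MB upload limit")
    return data


def sha256_of_files(paths: List[str]) -> List[str]:
    """SHA256 of local files, e.g. samples collected during an investigation."""
    digests = []
    for p in paths:
        h = hashlib.sha256()
        with open(p, "rb") as f:
            for chunk in iter(lambda: f.read(1 << 20), b""):
                h.update(chunk)
        digests.append(h.hexdigest())
    return digests


# Constructed sample input: SHA256 twice (different case), MD5, SHA1, one bad value.
SAMPLE_INPUT = [
    "E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "d41d8cd98f00b204e9800998ecf8427e",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "not-a-hash",
]

if __name__ == "__main__":
    accepted, rejected = normalize(SAMPLE_INPUT)
    print("rejected:", rejected)
    for h in accepted:
        print(hash_type(h), h)
    print("manual dialogs needed:", len(manual_batches(accepted)))
    Path("eth_bulk.csv").write_bytes(build_bulk_csv(accepted))
```

Run it once before opening the Add Search dialog: anything listed under "rejected" would be refused by the Hash Code box anyway, and if the 1 MB check fires, split the list and create more than one bulk search.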

To initiate a scan with your newly added search, refer to Existing Scan under See ETH Scan.

Deleting a search

  1. In the search table, select the check box of the search that you want to delete. An action bar appears above the table.
  2. Select Delete.
  3. Click the Submit button.
  4. A confirmation message appears. Click Yes.
  5. A success message appears. Click OK.
  6. The selected search is removed.

Viewing details of a search

  1. In the search table, click the Details link of the search to view more details. A dialog appears showing the Hash Code and Hash Type of each entry.
  2. Click Close.

Blocked Hashes

You can view the table of blocked hashes.
The Block hash action is supported only in the ETH on-demand search flow.
Hashes are blocked for 15 days only; after that the block expires. The table shows the expiry date along with other details.
Click the Details link of an entry to view more details.

Unblocking Hashes

  1. In the blocked hashes table, select the check box of the search whose hash you want to unblock. An action bar appears above the table.
  2. Select Unblock.
  3. A confirmation message appears. Click Yes.
  4. A success message appears. Click OK.
  5. The hash is unblocked.
