Endpoint Threat Hunting

On this page, you can create and manage Endpoint Threat Hunting (ETH) searches.
To add a search, do the following:

  1. Go to Configurations > Endpoint Threat Hunting.
  2. The list of existing searches appears. Click the Add button. The Add Search dialog appears.
  3. Enter Search Name and Description.
  4. Select an Action from the list: Quarantine, Delete, or No action.
  5. Select Search Mode.
    a. Manual Search mode is selected by default. With Manual Search, you can search 1 to 5 entries at a time.
    b. Enter the Hash Code that you want to search for in the text box. The Hash Type of the code appears in the corresponding box.
    c. Click +Add Entry to add another search entry.
    You can enter a maximum of 5 search entries in Manual Search mode.
    To delete a search entry, click the delete icon next to that entry.
  6. For a bulk search, set Search Mode to Bulk Search.
    a. Download the CSV template from the link.
    b. Fill in the hash codes that you want to search for in the CSV file.
    c. Save the file. The file size must be less than or equal to 1 MB.
    d. Click Upload CSV file to upload the file. The file name appears when the file is uploaded successfully.
  7. Click Save.
    The search is saved in the Existing Scan table. To initiate the scan with your newly added search, see Existing Scan in ETH Scan.
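
An added example, not part of the product documentation: a Python pre-upload check for the Bulk Search file in step 6 that drops malformed and duplicate hashes and enforces the 1 MB limit. It assumes one hash per row with no header and that hash type follows digest length (MD5, SHA-1, SHA-256); neither is stated on this page, so match the layout to the downloaded template.

```python
import csv
import io
import re

MAX_BYTES = 1 * 1024 * 1024  # the page states the file must be <= 1 MB
# Assumption: type inferred from hex length; the page lists no supported types.
HASH_TYPES = {32: "MD5", 40: "SHA-1", 64: "SHA-256"}
HEX_RE = re.compile(r"[0-9a-f]+")


def classify_hash(value):
    """Return the hash type name for a well-formed hex digest, else None."""
    candidate = value.strip().lower()
    if not HEX_RE.fullmatch(candidate):
        return None
    return HASH_TYPES.get(len(candidate))


def build_bulk_csv(entries, max_bytes=MAX_BYTES):
    """Return (csv_bytes, accepted, rejected) for a list of raw hash strings."""
    accepted, rejected, seen = [], [], set()
    for raw in entries:
        digest = raw.strip().lower()
        if not digest:
            continue  # skip blank lines
        if classify_hash(digest) is None:
            rejected.append(raw)  # keep the original text for review
        elif digest not in seen:
            seen.add(digest)
            accepted.append(digest)
    buf = io.StringIO()
    writer = csv.writer(buf, lineterminator="\r\n")
    for digest in accepted:
        writer.writerow([digest])  # assumed layout: one hash per row
    data = buf.getvalue().encode("ascii")
    if len(data) > max_bytes:
        raise ValueError(f"CSV is {len(data)} bytes; limit is {max_bytes}")
    return data, accepted, rejected


# Constructed sample: digests of empty input, one duplicate, two malformed.
SAMPLE = [
    "d41d8cd98f00b204e9800998ecf8427e",
    "DA39A3EE5E6B4B0D3255BFEF95601890AFD80709",
    "e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855",
    "d41d8cd98f00b204e9800998ecf8427e ",          # duplicate, trailing space
    "d41d8cd98f00b204e9800998ecf8427",            # truncated to 31 characters
    "zz39a3ee5e6b4b0d3255bfef95601890afd80709",   # non-hex characters
]
```

Write the returned bytes to a `.csv` file and upload it in step 6d; review the rejected list before saving, since a mistyped hash will never match on an endpoint.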