IOC Attributes

The Threat Hunting page now allows to perform a file based search.
Please refer the following steps to perform file based search-

• Navigate to Threat Hunting page andg click the File Based Search tab from the top left corner.
• This opens the list of files uploaded.
• on this screen. click the Upload File button available at the top right corner.
  This opens an Upload File pop up screen. Here, you will have to fill in the Mandatory fields such as Name and Description.

The further steps to upload files are mentioned here-

Steps to perform the IOC Attributes Upload

• Click the 'Download Sample Template' button to download the csv file.
• The CSV will accept only first 100 IOCs entered
• Ensure that the file size is not more than 1 MB
• Save the file to your computer

Once the process mentioned for File Based Search is done,

• Click 'Upload'

Important- Currently, we support the attributes URL, Domains,IP Address, and Hash Values In the Downloaded Sample Template, if you want to keep one or more IOC attributes such as URLs, then please delete the rest of sample attributes and upload the file.

Once the file is uploaded, you will see the success message on the top right corner of the screen.
Now, from the list of files displayed on the screen you can select desired file and click the three dots menu on the right side of the selected row.

• Click ‘View Results’option from the three dots
• This opens the Search bar where you can choose Alerts/ Processes by clicking the desired option.
• Here you can perform multiple searches at a time by entering the attributes,
• To narrow down the desired search, you can click the Add button available besides the search bar. Here you can add filters to narrow down the desired searches.
• The View filter available besides the Add button allows you to choose the results per timeline, such as for last 24 hours, last week and so on.
  While the Host dropdown helps you to perform searches for the selected hosts.