Lists of found IOCs

Accessing the lists

To access the complete list of all found IOCs:
  • In the top menu, click Status. Click the Add link from the side menu.

  • Select the Detected IOCs list in the Security section.

To access the list for a specific IOC:
  • In the top menu, click Settings. Click IOC gallery.

  • Click the icon located to the right of the relevant IOC to open its context menu.

  • Select View IOC detections. The Detected IOCs list opens, filtered by the selected IOC.

To view the list of detected IOCs associated with a search task:
  • Click Tasks in the top menu. A list appears with all created tasks.

  • Find the relevant IOC search task and click the View results link.

Required permissions

To view and access the lists related to IOCs, the Search for and manage IOCs permission must be assigned to the role of the user account.

IOCs found in a search task

| Field | Description | Values |
|---|---|---|
| Computer | Name of the computer with the IOC. | Character string |
| Group | Folder within the Advanced EDR folder tree the computer belongs to. | Character string |
| Status | Task status. | Pending; In progress; Finished; Failed; Canceled (the task could not start at the scheduled time); Canceled; Canceling; Canceled (maximum run time exceeded) |
| Detected IOCs | Number of IOCs detected on the computer. | Character string |
| Start date | Date and time the task started. | Date |
| End date | Date the task ended. | Date |

IOC search results list

Fields in the View detected IOCs list

When you view the results of an IOC search, the View detected IOCs option appears in the upper-right corner of the page. Click this link to display the complete list of IOCs found by the search task.

| Field | Description | Values |
|---|---|---|
| Computer | Name of the computer where the IOC was detected. | Character string |
| Group | Folder within the Advanced EDR folder tree the computer belongs to. | Character string |
| Detected IOC name | Name of the IOC found on the computer. | Character string |
| Detected IOC description | Description assigned by the administrator when registering the IOC. | Character string |
| Date | Date when the IOC was detected on the computer. | Date |

Fields in the View detected IOCs list

Filter tool
| Field | Description | Values |
|---|---|---|
| Status | Task status. | All statuses; Pending; In progress; Finished; Failed; Canceled (the task could not start at the scheduled time); Canceled; Canceling; Canceled (maximum run time exceeded) |
| Detections | Result of the search for IOCs. | All; No detections; With detections |

Filter tools

Detected IOCs

Shows all IOCs found on the computers on your network by all the IOC search tasks executed. If a task identifies the same IOC more than once on a computer, the duplicate results are deleted.

| Field | Description | Value |
|---|---|---|
| Computer | Name of the computer where the IOC was detected. | Character string |
| Group | Folder within the Advanced EDR folder tree the computer belongs to. | Character string |
| Task | Name of the task that detected the IOC. | Character string |
| IOC name | Detected IOC name. | Character string |
| Detection date | Date the IOC was detected. | Date |

Fields in the Detected IOCs list

Fields displayed in the exported file
| Field | Description | Value |
|---|---|---|
| Client | Name of the customer account. | Character string |
| Computer type | Type of device. | Workstation; Laptop; Server |
| Computer | Name of the computer where the IOC was detected. | Character string |
| IOC name | Detected IOC name. | Character string |
| IOC description | Description of the IOC found on the computer. | Character string |
| IOC ID | Internal ID of the IOC. It matches the content of the id field in the JSON file. | Character string |
| Task | Name of the task that detected the IOC. | Character string |
| Date | Date the IOC search task was run. | Date |
| Group | Folder within the Advanced EDR folder tree the computer belongs to. | Character string |
| IP address | IP address of the computer where the IOC was detected. | IP address |
| Domain | Domain of the computer where the IOC was detected. | Character string |
| Description | Description of the IOC found on the computer. | Character string |

Fields in the exported table

Fields displayed in the detailed Excel export file
| Field | Description | Value |
|---|---|---|
| Client | Name of the customer account. | Character string |
| Computer type | Type of device. | Workstation; Laptop; Server |
| Computer | Name of the computer where the IOC was detected. | Character string |
| IOC name | Detected IOC name. | Character string |
| IOC description | Description of the IOC found on the computer. | Character string |
| IOC ID | Internal ID of the IOC. It matches the content of the id field in the JSON file. | Character string |
| Task | Name of the task that detected the IOC. | Character string |
| Date | Date the IOC search task was run. | Date |
| Group | Folder within the Advanced EDR folder tree the computer belongs to. | Character string |
| IP address | IP address of the computer where the IOC was detected. | IP address |
| Domain | Domain of the computer where the IOC was detected. | Character string |
| Description | Description of the IOC found on the computer. | Character string |
| Detected item | Identifies the items defined in the IOC that have been detected on the computer. | Name, path, and hash of the file; IP address and port; Domain and port |

Fields displayed in the detailed Excel export file

Filter tools
| Field | Description | Value |
|---|---|---|
| Dates | Date the IOC was detected. | Last 24 hours; Last 7 hours; Last month; Custom range |
| Computer type | Type of device the IOCs were detected on. | Workstation; Laptop; Server |

Filters available in the Detected IOCs list

Detected IOC page

Click any of the rows in the list to open the Detected IOC page with detailed information.

| Field | Description | Values |
|---|---|---|
| Name | Detected IOC name. | Character string |
| Detection date | Date the IOC was detected. | Date |
| Computer | Name of the computer where the IOC was detected. | Character string |
| Identifier | Internal ID of the IOC. It matches the content of the id field in the JSON file. | Character string |
| Description | Description assigned to the IOC. | Character string |
| Pattern (STIX) | Attribute and value of the STIX definition used to find the potential threat. | Character string |
| Modified | Date the IOC was modified. | Date |
| Created | Date the IOC was created. | Date |
| Detected items | Identifies the items defined in the IOC that have been detected on the computer. | Name, path, and hash of the file; IP address and port; Domain and port |

Fields in the Detected IOC page
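
The Pattern (STIX) field above holds the attribute and value an IOC matches on. As an added example (not the product's own code), the Python function below splits a standard STIX 2 pattern string into attribute, operator and value, and tags each with the detected-item kind it corresponds to. The function name, the sample patterns and the type-to-kind mapping are assumptions; the page does not state which STIX attributes the product supports.

```python
import re

# One STIX 2 comparison: object-type:property-path  operator  'string literal'
_COMPARISON = re.compile(
    r"""(?P<type>[a-z0-9-]+):(?P<path>(?:[\w-]+|'[^']+')(?:\.(?:[\w-]+|'[^']+'))*)
        \s*(?P<op>=|!=|IN|LIKE|MATCHES)\s*
        '(?P<value>(?:[^'\\]|\\.)*)'""",
    re.VERBOSE,
)

# Assumed mapping from STIX object types to the item kinds listed on this page.
_KIND = {"file": "file", "ipv4-addr": "ip", "ipv6-addr": "ip", "domain-name": "domain"}

# Constructed sample patterns (documentation addresses, dummy hash).
SAMPLES = [
    "[file:hashes.'SHA-256' = '" + "ab" * 32 + "']",
    "[ipv4-addr:value = '198.51.100.7']",
    "[domain-name:value = 'bad.example' OR file:name = 'C:\\\\Temp\\\\a.exe']",
]


def parse_stix_pattern(pattern):
    """Return one dict per comparison: attribute, operator, value, kind."""
    text = pattern.strip()
    if not (text.startswith("[") and text.endswith("]")):
        raise ValueError("STIX pattern must be enclosed in square brackets")
    found = []
    for m in _COMPARISON.finditer(text):
        # STIX string literals escape ' and \ with a backslash; undo that.
        value = re.sub(r"\\(.)", r"\1", m["value"])
        found.append({
            "attribute": f"{m['type']}:{m['path']}",
            "operator": m["op"],
            "value": value,
            "kind": _KIND.get(m["type"], "other"),
        })
    if not found:
        raise ValueError("no comparison expression found")
    return found


if __name__ == "__main__":
    for sample in SAMPLES:
        for item in parse_stix_pattern(sample):
            print(item["kind"], item["attribute"], item["operator"], item["value"])
```
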