Lists of found IOCs
Accessing the lists
To access the complete list of all found IOCs:
-
In the top menu, click Status. Click the Add link from the side menu.
-
Select the Detected IOCs list in the Security section.
To access the list for a specific IOC:
-
Click the
icon located to the right of the relevant IOC to open its context menu. -
Select View IOC detections. The Detected IOCs list opens, filtered by the selected IOC.
To view the list of detected IOCs associated with a search task:
-
Click Tasks in the top menu. A list appears with all created tasks.
-
Find the relevant IOC search task and click the View results link.
Required permissions
To view and access lists related to IOCs, it is necessary for the Search for and manage IOCs permission to be assigned to the user account role.
IOCs found in a search task
| Field | Description | Values |
|---|---|---|
|
Computer |
Name of the computer with the IOC. |
Character string. |
|
Folder within the Advanced EDR folder tree the computer belongs to. |
Character string |
|
|
Status |
Task status. |
|
|
Detected IOCs |
Number of IOCs detected on the computer. |
Character string |
|
Start date |
Date and time the task started. |
Date |
|
End date |
Date the task ended. |
Date |
Fields in the View detected IOCs list
When you view the results of an IOC search, in the upper-right corner of the page there is the option View detected IOCs. Click this link to display the complete list of IOCs found by the search task.
| Field | Description | Values |
|---|---|---|
|
Computer |
Name of the computer where the IOC was detected. |
Character string |
|
Group |
Folder within the Advanced EDR folder tree the computer belongs to. |
Character string |
|
Detected IOC name |
Name of the IOC found on the computer. |
Character string |
|
Detected IOC description |
Description assigned by the administrator when registering the IOC. |
Character string |
|
Date |
Date when the IOC was detected on the computer. |
Date |
Filter tool
| Field | Description | Values |
|---|---|---|
|
Status |
Task status. |
|
|
Detections |
Result of the search for IOCs. |
|
Detected IOCs
Shows all IOCs found on the computers on your network by all the IOC search tasks executed. If a task identifies the same IOC more than once on a computer, the duplicate results are deleted.
| Field | Description | Value |
|---|---|---|
|
Computer |
Name of the computer where the IOC was detected. |
Character string |
|
Group |
Folder within the Advanced EDR folder tree the computer belongs to. |
Character string |
|
Task |
Name of the task that detected the IOC. |
Character string |
|
IOC name |
Detected IOC name. |
Character string |
|
Detection date |
Date the IOC was detected. |
Date |
To see a graphical representation of the list data, go to the Most detected IOCs widget.
Fields displayed in the exported file
| Field | Description | Value |
|---|---|---|
|
Client |
Name of the customer account. |
Character string |
|
Computer type |
Type of device. |
|
|
Computer |
Name of the computer where the IOC was detected. |
Character string |
|
IOC name |
Detected IOC name. |
Character string |
|
IOC description |
Description of the IOC found on the computer. |
Character string |
|
IOC ID |
Internal ID of the IOC. It matches the content of the id field in the JSON file. |
Character string |
|
Task |
Name of the task that detected the IOC. |
Character string |
|
Date |
Date the IOC search task was run. |
Date |
|
Group |
Folder within the Advanced EDR folder tree the computer belongs to. |
Character string |
|
IP address of the computer where the IOC was detected. |
IP address |
|
|
Domain of the computer where the IOC was detected. |
Character string |
|
|
Description |
Description of the IOC found on the computer. |
Character string |
Fields displayed in the detailed Excel export file
| Field | Description | Value |
|---|---|---|
|
Client |
Name of the customer account. |
Character string |
|
Computer type |
Type of device. |
|
|
Computer |
Name of the computer where the IOC was detected. |
Character string |
|
IOC name |
Detected IOC name. |
Character string |
|
IOC description |
Description of the IOC found on the computer. |
Character string |
|
IOC ID |
Internal ID of the IOC. It matches the content of the id field in the JSON file. |
Character string |
|
Task |
Name of the task that detected the IOC. |
Character string |
|
Date |
Date the IOC search task was run. |
Date |
|
Group |
Folder within the Advanced EDR folder tree the computer belongs to. |
Character string |
|
IP address |
IP address of the computer where the IOC was detected. |
IP address |
|
Domain |
Domain of the computer where the IOC was detected. |
Character string |
|
Description |
Description of the IOC found on the computer. |
Character string |
|
Detected item |
Identifies the items defined in the IOC that have been detected on the computer. |
|
Filter tools
| Field | Description | Value |
|---|---|---|
|
Dates |
Date the IOC was detected. |
|
|
Computer type |
Type of device the IOCs were detected on. |
|
Detected IOC page
Click any of the rows in the list to open the Detected IOC page with detailed information.
| Field | Description | Values |
|---|---|---|
|
Name |
Detected IOC name. |
Character string |
|
Detection date |
Date the IOC was detected. |
Date |
|
Computer |
Name of the computer where the IOC was detected. |
Character string |
|
Identifier |
Internal ID of the IOC. It matches the content of the id field in the JSON file. |
Character string |
|
Description |
Description assigned to the IOC. |
Character string |
|
Pattern (STIX) |
Attribute and value of the STIX definition used to find the potential threat. |
Character string |
|
Modified |
Date the IOC was modified. |
Date |
|
Created |
Date the IOC was created. |
Date |
|
Detected items |
Identifies the items defined in the IOC that have been detected on the computer. |
|