General Artifacts
Table of Contents
Expand all | Collapse all
General Artifacts
General artifacts are artifacts that WildFire associates
with both samples and sessions. For example, you can use the artifact
type Domain to search based on domains found in samples and sessions.
Some general artifacts are tag-related. If you search with a
tag-related artifact, the search results display all samples that
have one or more tags that meet the search criteria, and their related
sessions.
The following general artifact types refer to private session
information: Domain, Email Address, Filename, IP Address, and URL.
If any of your private tags use these artifact types as tag conditions,
you cannot make these tags public.
Artifact Type | Search with this
Artifact Type to Find... |
|---|---|
Domain | |
Email Address | |
Filename | The File
Name of the sample or a filename that AutoFocus found in
the File
Activity of a sample. |
Hash | The sample’s MD5, SHA1, or SHA256 hash.
The search results also include samples in which AutoFocus found
the hash in the File
Activity of the sample.
|
Hash Lookup | The sample’s MD5, SHA1, or SHA256 hash.
The search results only include samples based strictly on the primary
sample hash value. Samples in which matching hashes are found in
the File
Activity of the sample are not included in the results. |
IP Address | A File
URL, Source
IP, or Destination
IP in a session, or an IP address detected in the Connection
Activity, DNS
Activity, or HTTP
Activity of a sample. |
Tag | Samples with a specific tag. |
Tag Alias | Samples filtered by Tag
Alias. |
Tag Class | Samples filtered by Tag
Class: a malware family, a campaign, an actor, an exploit,
or a type of malicious behavior. |
Tag Group | Samples filtered by the specified Tag Group. |
Tag Scope | Samples filtered by Tag
Scope: private, public, Unit 42 (alerting), or Unit 42 informational
(non-alerting). |
Tag Source | Samples with tags that are attributed to
a particular Tag
Source. |
Threat Name | Samples that match a particular threat signature. |
URL | A File
URL or a URL detected in the HTTP
Activity of a sample. |
User Agent | A user agent header detected
in the HTTP
Activity or User
Agent Fragments of a sample. The user agent header indicates
your browser type and version and your operating system and version.
During a session, your browser sends this information to the site
you are visiting to determine the best way to deliver the information
you requested. Examples of user agent strings include Mozilla/4.0 and Windows NT 6.1 . |
Saved Search | A user-configured search setting used to
quickly apply search conditions. |