General Artifacts

General artifacts are artifacts that WildFire associates with both samples and sessions. For example, you can use the artifact type Domain to search based on domains found in samples and sessions.
Some general artifacts are tag-related. If you search with a tag-related artifact, the search results display all samples that have one or more tags that meet the search criteria, and their related sessions.
The following general artifact types refer to private session information: Domain, Email Address, Filename, IP Address, and URL. If any of your private tags use these artifact types as tag conditions, you cannot make these tags public.
Artifact Type
Search with this Artifact Type to Find...
Domain
A domain detected in the DNS Activity or HTTP Activity of a sample, or the File URL.
Email Address
Filename
The File Name of the sample or a filename that AutoFocus found in the File Activity of a sample.
Hash
The sample’s MD5, SHA1, or SHA256 hash. The search results also include samples in which AutoFocus found the hash in the File Activity of the sample.
Hash Lookup
The sample’s MD5, SHA1, or SHA256 hash. The search results only include samples based strictly on the primary sample hash value. Samples in which matching hashes are found in the File Activity of the sample are not included in the results.
IP Address
A File URL, Source IP, or Destination IP in a session, or an IP address detected in the Connection Activity, DNS Activity, or HTTP Activity of a sample.
Tag
Samples with a specific tag.
Tag Alias
Samples filtered by Tag Alias.
Tag Class
Samples filtered by Tag Class: a malware family, a campaign, an actor, an exploit, or a type of malicious behavior.
Tag Group
Samples filtered by the specified Tag Group.
Tag Scope
Samples filtered by Tag Scope: private, public, Unit 42 (alerting), or Unit 42 informational (non-alerting).
Tag Source
Samples with tags that are attributed to a particular Tag Source.
Threat Name
Samples that match a particular threat signature.
URL
A File URL or a URL detected in the HTTP Activity of a sample.
User Agent
A user agent header detected in the HTTP Activity or User Agent Fragments of a sample. The user agent header indicates your browser type and version and your operating system and version. During a session, your browser sends this information to the site you are visiting to determine the best way to deliver the information you requested. Examples of user agent strings include
Mozilla/4.0
and
Windows NT 6.1
.
Saved Search
A user-configured search setting used to quickly apply search conditions.

Related Documentation