Contains and Does Not Contain Operators

  • Use the
    contains
    and
    does not contain
    operators if you know part of a value for a single artifact.
    Example:
    To search for samples or sessions with the network identifier 192.168 in the IP address, perform the search
    IP Address
    contains
    192.168
    .
    Using the
    does not contain
    operator will exclude samples or sessions with the network identifier 192.168 from your search results.
  • Searches with the
    contains
    and
    does not contain
    operators are not case-sensitive.
  • Any special characters that are not letters or numbers (e.g. period, backslash, hyphen, space, @ symbol) break up a value into two separate values. Type the full strings that appear in between special characters for accurate matches.
    Example 1:
    To search for all sessions sent from email addresses with the domain yahoo.com, perform the search
    Email Sender Address
    contains
    yahoo.com
    .
    The search
    Email Sender Address
    contains
    ahoo.com
    will return results from an email address with the domain ahoo.com, but not yahoo.com.
    The search
    Email Sender Address
    contains
    yahoo.co
    may return results from an email address with the domain yahoo.co.uk or yahoo.co.jp, but not yahoo.com.
    The search
    Email Sender Address
    contains
    yahoo
    will return results from an email address with the string
    yahoo
    in between special characters.
    Example 2:
    If the File Activity that WildFire has detected for a sample contains the string Windows\ServiceProfiles\LocalService, you can use any of the following terms as partial strings to search for the sample:
    • Windows
    • ServiceProfiles
    • LocalService

Related Documentation