Start a Quick Search
Table of Contents
Start a Quick Search
Start a simple search for an artifact from
any page in AutoFocus™, or use the AutoFocus search editor to perform
complex searches, with conditions that allow you to narrow or broaden
the scope of your search.
Toggle your view of search results
to find:
- The samples matched to your search conditions (WildFire tab).
- The sessions during which the samples were detected (Activity tab).
- The threat indicators found in the returned samples and the DNS history and PAN-DB categorization of the results (Indicators tab).
After performing a search, you can drill down
in sample results to find artifacts seen with that sample. For each
artifact associated with a sample, AutoFocus lists the number of
times the artifact has been detected with benign (
), grayware (
), and malware (
) samples. Artifacts
that are seen disproportionately with malware are indicated to be Suspicious or Highly
Suspicious. AutoFocus also makes it easy to view indicators
that are found with your search results.
), grayware (
), and malware (
) samples. Artifacts
that are seen disproportionately with malware are indicated to be Suspicious or Highly
Suspicious. AutoFocus also makes it easy to view indicators
that are found with your search results.Start searching through
samples and sessions for matches to an artifact from any page on
the AutoFocus portal.
- Click the spyglass icon in the support account area of the portal.You can also press Alt+s to open quick search. To close quick search, click thexon the top right corner of the search box or click anywhere on the dimmed area of the interface.
- Enter an artifact to search.When an artifact is incomplete, quick search suggests a list of artifact types that it recognizes.
- Select the scope of the search based on the artifact type.For example, the string ImASampleFile.pl can be a Filename, a Domain, or a URL. To search for the file ImASampleFile.pl, select an area to search under the category Filename.
The areas to choose from vary depending on the artifact entered.- PanDB/pDNS—View PAN-DB categorization entries, WildFire™ active DNS history, and passive DNS history that match the artifact.
- Go to Sample Detail—(SHA256, SHA1, and MD5 artifacts only) View details about the sample, such as its WildFire verdict (benign, grayware, malware, phishing, or benign) and analysis information.
- Search for My Samples—Search for the artifact in your organization’s private samples.
- Search for Public Samples—Search for the artifact in all samples that are shared to the AutoFocus community.
- Search for All Samples—Search for the artifact in private and public samples.
- Search for Sessions—Search for the artifact in session information.
- Show Session Stats—View statistics based on sessions that contain the artifact.
- View the search results in the search editor.
- Choose from the following options:
- Work with the Search Editor to perform more complex searches.
- Drill Down in Search Results to explore additional options and information related to the artifact.