Indicators View for Search Results
Table of Contents
Expand all | Collapse all
-
- New Features October 2020
- New Features September 2020
- New Features: August 2020
- New Features: April 2020
- New Features: November 2019
- New Features: May 2019
- New Features: March 2019
- New Features: February 2019
- New Features: November 2018
- New Features: October 2018
- New Features: September 2018
- New Features: August 2018
- New Features: July 2018
- New Features: June 2018
Indicators View for Search Results
AutoFocus™ now provides a way for you to view
the indicators that WildFire®
observed in your search results. Indicators help you identify the
areas of activity in your network that are more vulnerable to attacks
than others. The following types of artifacts are considered indicators
in AutoFocus:
- IPv4
- Mutex
- URL
- Domain
- User agent
AutoFocus determines which artifacts
are indicators through a statistical algorithm based on tendency
of the artifact to be seen predominantly in malware samples.
- Start or continue an AutoFocus search.
- View theIndicatorsfor the currently displayed page of search results. In the example below, you can see a consolidated view of the indicators from the fourth page of search results.
- Note the number of samples associated with suspicious and highly suspicious indicators.
- If you previously forwarded indicators from MineMeld to AutoFocus, indicators that match the forwarded indicators are marked with an indicator tag. Click on the tag to view the full list of matches.
- Expand an indicator to view the SHA-256 hash of the sample(s) in which AutoFocus detected the indicator.
View a complete overview of the Indicators tab. - Return to theSamplessearch results, and view theIndicatorsfor a sample.