Indicators View for Search Results

AutoFocus™ now provides a way for you to view the indicators that WildFire® observed in your search results. Indicators help you identify the areas of activity in your network that are more vulnerable to attacks than others. The following types of artifacts are considered indicators in AutoFocus:
  • IPv4
  • Mutex
  • URL
  • Domain
  • User agent
AutoFocus determines which artifacts are indicators through a statistical algorithm based on the tendency of the artifact to be seen predominantly in malware samples.
  1. Start or continue an AutoFocus search.
  2. View the Indicators for the currently displayed page of search results. In the example below, you can see a consolidated view of the indicators from the fourth page of search results.
    [Figure: indicators-tab-search.png]
    • Note the number of samples associated with suspicious and highly suspicious indicators.
    • If you previously forwarded indicators from MineMeld to AutoFocus, indicators that match the forwarded indicators are marked with an indicator tag. Click on the tag to view the full list of matches.
    • Expand an indicator to view the SHA-256 hash of the sample(s) in which AutoFocus detected the indicator.
    View a complete overview of the Indicators tab.
  3. Return to the Samples search results, and view the Indicators for a sample.
    [Figure: indicators-tab-sample.png]
