Simplified AutoFocus Searches

You can now find AutoFocus artifacts using the simplified quick search option in the Search menu. Quick search allows you to configure a search using frequently used conditions: verdict, timeframe (first seen and time), source, tags, and IOC (indicators of compromise). If you need additional variables, you can switch to advanced search mode and add items based on the initial simple search.
  1. AutoFocus defaults to the search mode that was last used. If AutoFocus is in the advanced search mode, switch to Simple mode.
  2. Configure your search by selecting the desired search variables from the drop-down menus. You can select from the following categories: Verdict, First Seen, Time, Source, Tags, and IOC (indicators of compromise). AutoFocus automatically refreshes after each variable is selected or modified.
    • Verdict—Select from Malware, Grayware, Benign, Phishing, and Any Verdict to search for samples based on a verdict.
    • First Seen and Time—First configure the search to find samples based on when they were First Seen (the time stamp of when the sample was first forwarded or uploaded to WildFire for analysis) or by Time (the time stamp of when the session started), then set the search to display data for the last 1, 7, 30, 90, or 180 days. You can also set the search to display data by setting the time range to Any Time.
      The time setting for a search does not filter the scope (My Samples (private), Public Samples, or All Samples (private and public samples)) of the sample data set.
    • Source—Select from Firewall, Proofpoint, Traps, Magnifier, Manual API, Traps Android, WF Appliance, and Any Source to search for samples based on the upload source.
    • Tag—Select from a list of tags or filter the list by entering a keyword to search for samples associated with a tag.
    • IOC—Search based on the following indicators of compromise: Hash, IP Address, Domain, URL, User Agent, Email Address, and Filename.
  3. If you want to add other conditions to the search, you can switch to Advanced mode. Switching to advanced mode retains the condition values selected from the simple search mode. From here, you can add additional search conditions that are not available in simple search mode.
    If you add search conditions that are not available in simple mode while in advanced mode, you will be prompted to reset your search when returning to simple mode.
