Contains and Does Not Contain Operators

• Use the contains and does not contain operators if you know part of a value for a single artifact.
  Example:
  To search for samples or sessions with the network identifier 192.168 in the IP address, perform the search IP Addresscontains 192.168.
  Using the does not contain operator will exclude samples or sessions with the network identifier 192.168 from your search results.
• Searches with the contains and does not contain operators are not case-sensitive.
• Any special characters that are not letters or numbers (e.g. period, backslash, hyphen, space, @ symbol) break up a value into two separate values. Type the full strings that appear in between special characters for accurate matches.
  Example 1:
  To search for all sessions sent from email addresses with the domain yahoo.com, perform the search Email Sender Addresscontains yahoo.com.
  The search Email Sender Addresscontains ahoo.com will return results from an email address with the domain ahoo.com, but not yahoo.com.
  The search Email Sender Addresscontains yahoo.co may return results from an email address with the domain yahoo.co.uk or yahoo.co.jp, but not yahoo.com.
  The search Email Sender Addresscontains yahoo will return results from an email address with the string yahoo in between special characters.
  Example 2:
  If the File Activity that WildFire has detected for a sample contains the string Windows\ServiceProfiles\LocalService, you can use any of the following terms as partial strings to search for the sample:
  • Windows
  • ServiceProfiles
  • LocalService