AutoFocus™ Administrator’s Guide
    : Proximity Operator
    Focus
    Download PDF
    Focus
    1. Home
    2. AutoFocus
    3. AutoFocus™ Administrator’s Guide
    4. AutoFocus Search
    5. Guidelines for Partial Searches
    6. Proximity Operator
    Download PDF

    AutoFocus™ Administrator’s Guide

    Proximity Operator

    Table of Contents

    Proximity Operator

    • Use the
      proximity
       operator to search for multiple artifacts that can appear under a WildFire Analysis category of a sample. Enter two or more artifacts in the value field of the search condition.
      Example:
      The search
      Registry Activity
      proximity
      HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData ueepd-a.exe
      returns a sample that has both values in at least one of its registry activities:
    • The order in which the strings are entered does not affect the search results.
      Example:
      The search
      Registry Activity
      proximity
      ueepd-a.exe HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\AppData
       returns the same results as the previous example.
    • Searches with the
      proximity
       operator are not case-sensitive.
    • You can enter partial strings in a proximity search, but you must type the full strings that appear between any special characters that are not letters or numbers (e.g. period, backslash, hyphen, space, @ symbol) for accurate matches.
      Example:
      The search
      Registry Activity
      proximity
      HKCU\Software\Microsoft\Windows\CurrentVersion ueepd-a.exe
       returns the following results:
      The search
      Registry Activity
      proximity
      HKCU\Software\Microsoft\Windows\Current ueepd-a.exe
       will not return the search results above.

    Recommended For You

    © 2024 Palo Alto Networks, Inc. All rights reserved.