Simplified AutoFocus Searches
You can now find AutoFocus artifacts using the simplified quick search option in the Search menu.
Quick search allows you to configure a search using frequently used
conditions. These conditions include: verdict, timeframe (first
seen and time), source, tags, and IOC (indicators of compromise).
If you need additional variables, you can switch to the
advanced search mode and add items based on the initial simple
search.

- Start an AutoFocus search.
- AutoFocus defaults to the search mode that was last used. If AutoFocus is in the advanced search mode, switch to Simple mode.
- Configure your search by selecting the desired search variables from the drop-down menus. You can select from the following categories: Verdict, First Seen, Time, Source, Tags, and IOC (indicators of compromise). AutoFocus automatically refreshes after each variable is selected or modified.
  - Verdict—Select from Malware, Grayware, Benign, Phishing, and Any Verdict to search for samples based on a verdict.
  - First Seen and Time—First configure the search to find samples based on when they were First Seen (the time stamp of when the sample was first forwarded or uploaded to WildFire for analysis) or by Time (the time stamp of when the session started), then set the search to display data for the last 1, 7, 30, 90, or 180 days. You can also set the search to display data by setting the time range to Any Time.
    The time setting for a search does not filter the scope (My Samples (private), Public Samples, or All Samples (private and public samples)) of the sample data set.
  - Source—Select from Firewall, Proofpoint, Traps, Magnifier, Manual API, Traps Android, WF Appliance, and Any Source to search for samples based on the upload source.
  - Tag—Select from a list of tags or filter the list by entering a keyword to search for samples associated with a tag.
  - IOC—Search based on the following indicators of compromise: Hash, IP Address, Domain, URL, User Agent, Email Address, and Filename.
- If you want to add other conditions to the search, you can switch to Advanced mode. Switching to advanced mode retains the condition values selected from the simple search mode. From here, you can add additional search conditions that are not available in simple search mode.
  If you add search conditions that are not available in simple mode while in advanced mode, you will be prompted to reset your search when returning to simple mode.