Note: The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
You can search on a security artifact (an indicator of compromise) to see only the data that relates to that artifact.
Search results include:
The artifact’s history and activity in your network. Assess how prevalent
the artifact is in your network and compare to industry peers.
Palo Alto Networks threat intelligence on the artifact, based on analysis of
all the traffic Palo Alto Networks processes and analyzes.
Consolidated third-party analysis findings for the artifact.
Click Monitor > IOC Search to get started, then search for one of these artifact types: a file hash, a
URL, a domain, or an IP address (IPv4 or IPv6).
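Analysts rarely search one indicator at a time; they usually start from a pasted list (a ticket, a report, a sandbox export) that mixes hashes, IPs, URLs and domains, often defanged. The following Python script is added here as an example and is not part of the Strata Cloud Manager product or its documentation: it classifies each indicator into the four searchable artifact types, undoes common defanging such as hxxp:// and [.], normalizes values (lowercase hashes, canonical IPv6) and deduplicates, so you know which search to run for each. It calls no Palo Alto Networks API. The sample list is constructed: the hash is the MD5 of an empty file, the hostnames use reserved .test names, and the addresses come from documentation ranges. The accepted digest lengths (MD5, SHA-1, SHA-256) and the hostname grammar are assumptions of this script.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: hex digest lengths for MD5, SHA-1 and SHA-256.
HASH_LENGTHS = {32: "md5", 40: "sha1", 64: "sha256"}
_HEX = re.compile(r"^[0-9a-f]+$", re.IGNORECASE)
# Conservative hostname grammar: dot-separated labels, alphabetic TLD, no leading or
# trailing hyphen. Assumption: IDN/punycode and single-label names are not handled.
_DOMAIN = re.compile(
    r"^(?=.{1,253}$)(?:(?!-)[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}$", re.IGNORECASE
)


def refang(value: str) -> str:
    """Undo common defanging so pasted indicators (hxxp://evil[.]test) can be classified."""
    v = value.strip()
    for bad, good in (("[.]", "."), ("(.)", "."), ("[:]", ":"), ("[://]", "://")):
        v = v.replace(bad, good)
    return re.sub(r"^hxxp", "http", v, flags=re.IGNORECASE)


def _ip_or_none(text: str):
    """Parse an IPv4/IPv6 literal (brackets tolerated); None if it is not one."""
    try:
        return ipaddress.ip_address(text.strip("[]"))
    except ValueError:
        return None


def classify(value: str) -> tuple:
    """Return (artifact_type, normalized_value) where artifact_type is one of
    'file_hash', 'ip_address', 'url', 'domain' or 'unknown'."""
    v = refang(value)
    if len(v) in HASH_LENGTHS and _HEX.match(v):
        return "file_hash", v.lower()
    ip = _ip_or_none(v)
    if ip is not None:
        return "ip_address", str(ip)  # canonical form, e.g. collapsed IPv6
    # Anything carrying a scheme, a path or a port is a URL; verify the host part is real.
    if "://" in v or "/" in v or ":" in v:
        url = v if "://" in v else "http://" + v
        host = urlsplit(url).hostname or ""
        if _DOMAIN.match(host) or _ip_or_none(host) is not None:
            return "url", url
        return "unknown", v
    if _DOMAIN.match(v.rstrip(".")):
        return "domain", v.rstrip(".").lower()
    return "unknown", v


def triage(lines):
    """Group a pasted indicator list by search type, dropping comments, blanks and
    duplicates that collapse after normalization."""
    buckets = {}
    seen = set()
    for line in lines:
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        kind, norm = classify(line)
        if (kind, norm) in seen:
            continue
        seen.add((kind, norm))
        buckets.setdefault(kind, []).append(norm)
    return buckets


# Constructed sample list; these are not real indicators.
SAMPLE_INDICATORS = [
    "# pasted from a ticket",
    "d41d8cd98f00b204e9800998ecf8427e",
    "D41D8CD98F00B204E9800998ECF8427E",  # same hash, different case
    "hxxp://malware.example[.]test/payload.exe",
    "malware.example[.]test",
    "198.51.100.23",
    "2001:0db8:0000:0000:0000:0000:0000:0001",
    "update.example.test:8443",
    "not an indicator",
]

if __name__ == "__main__":
    for kind, values in triage(SAMPLE_INDICATORS).items():
        print(f"{kind}: {values}")
```

Each bucket maps directly onto one of the four search types described below; the "unknown" bucket is what you hand back to whoever supplied the list rather than pasting it into the search box.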
IP Address
Search for an IP address to analyze the threat information related to that address's activity
in your network. The search result displays:
Total number of times the IP address was detected in your network over the past 30 days.
Graphical representation of the action taken (allow or block)
on traffic to or from the IP address.
List of DNS records that contain the IP address, drawn from Palo Alto Networks threat
intelligence and third-party sources.
Domain
View a summary of the activities associated with the domain in your network. The search results
include:
Classification of the domain in your network based on the
WildFire sample analysis.
Total number of activities associated with the domain over
the past 30 days.
Enforcement applied to each activity in a graphical format.
Information from WildFire analysis that supports the data
used to assign the verdict for the domain.
DNS activity collected from across all WildFire submissions
that contain instances of this domain.
URL
Learn about the URL's activity across all traffic Palo Alto Networks analyzes. The search results
include:
Summary - Review a summary
of the URL's activity in your network. Data includes: DNS Security
findings for the URL and the PAN-DB Categorization.
Screenshot - Shows a snapshot of the website when you search on a
URL artifact.
Analysis - See the file
analysis data, which includes the requests made globally for this
URL and the files detected with this URL. Use the file hash
value or the file view to drill down further.
File Hash
File hash search summarizes the file’s activity,
analysis of file properties, and details from WildFire sample analysis.
You can drill down on the search result to review the following
data:
Summary - View the file
hash verdict and the history of the file’s activity in your network.
Click the tag name to view the details of the tag. Tags can help
you understand if the file is part of any threat families, campaigns,
or actors.
WildFire Analysis - Assess how the sample (file) behaved during WildFire analysis. You can
view the information on the sample verdict, threat
indicators detected during sample analysis, and behavior
while processing the sample in the analysis environment. You
can also view the screenshots of the various process
milestones captured during the WildFire sample analysis.
File Analysis -
Compare the analysis before and after the execution of the sample
(file) in the WildFire analysis environment.
Overview - Check the verdict of the sample here. If you believe the verdict is incorrect,
request a verdict change. The Palo Alto Networks threat
team investigates the sample further and updates the
verdict if it was incorrect.
Static Analysis - Static
analysis looks at the contents of a specific file before the file
is executed in the WildFire analysis environment. The search also
shows the suspicious file properties found during static analysis.
The search result varies depending on the file type. The screenshot
here shows a static analysis for an archive file.
Observed Behavior -
Review the WildFire behavior analysis of the sample in a particular
environment.
Dynamic Analysis - Executes the file in the WildFire analysis environment and extracts additional information and
indicators of compromise. You can review the
process activities involved and the sequence of events that
took place in the analysis environment while the file executed.
Advanced Dynamic Analysis - View the analysis results
of samples analyzed by Advanced WildFire, a cloud-based engine that detects and prevents highly
evasive malware, using techniques such as Intelligent Run-time Memory
Analysis, hypervisor-based dynamic analysis, and dependency emulation.
You can view the observed behaviors
and use this information for post-execution analysis.
Network Sessions - Learn
about the network sessions associated with a sample. Use this data to understand
the context of the threat, identify the affected hosts and clients,
and see the applications used to deliver the malware.
Coverage - Check the
signature coverage for a sample to assess the level of protection
against threats. You can view the signatures tagged to the domains
from where the sample was downloaded and the URLs that are accessed
by the sample.
Indicators - View the
artifacts that are indicators of a compromised network. The indicators
are categorized by artifact type: domain, IP address,
URL, user agent header, and mutex (mutual exclusion object). High-risk
artifacts are labeled Suspicious or Highly Suspicious.