Strata Cloud Manager
Monitor: IOC Search
Where Can I Use This? | What Do I Need? |
---|---|
|
Each of these licenses includes access to Strata Cloud Manager:
The other licenses and prerequisites needed for visibility
are:
→ The features and capabilities available to you in Strata Cloud Manager depend on which license(s) you are
using.
|
You can search on a security artifact to interact with data just for that artifact.
Search results include:
- The artifact’s history and activity in your network. Assess how prevalent the artifact is in your network and compare that with industry peers.
- Palo Alto Networks threat intelligence on the artifact, based on analysis of all the traffic Palo Alto Networks processes and analyzes.
- Consolidated third-party analysis findings for the artifact.
Click Monitor > IOC Search to get started.

To get started, search for one of these types of artifacts: a file hash, a
URL, a domain, or an IP address (IPv4 or IPv6).
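A pre-search triage helper that sorts a mixed indicator list into the four artifact types named above. This is an added example, not Palo Alto Networks code; the function names are hypothetical, and the accepted hash lengths (MD5, SHA-1, SHA-256 hex digests) and URL schemes (http, https) are assumptions, since the page does not list them.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumption: hex digest lengths for MD5 (32), SHA-1 (40) and SHA-256 (64).
HASH_LENGTHS = (32, 40, 64)
# Hostname syntax: dot-separated labels, final label starts with a letter.
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$"
)

def classify_artifact(value):
    """Return (artifact_type, normalized_value); type is 'unsupported' on no match."""
    v = value.strip()
    # Test IP first so a dotted quad is never mistaken for a domain.
    try:
        ip = ipaddress.ip_address(v.strip("[]"))
        return ("ipv4" if ip.version == 4 else "ipv6", str(ip))
    except ValueError:
        pass
    if re.fullmatch(r"[0-9a-fA-F]+", v) and len(v) in HASH_LENGTHS:
        return ("file_hash", v.lower())
    if "://" in v:
        try:
            parts = urlsplit(v)
        except ValueError:  # malformed netloc, e.g. an unclosed IPv6 bracket
            return ("unsupported", v)
        # Assumption: only http and https URLs are worth submitting.
        if parts.scheme.lower() in ("http", "https") and parts.hostname:
            return ("url", v)
        return ("unsupported", v)
    d = v.rstrip(".").lower()  # drop the root dot of a fully qualified name
    if DOMAIN_RE.match(d):
        return ("domain", d)
    return ("unsupported", v)

def triage(values):
    """Group raw indicators by artifact type, keeping input order per group."""
    buckets = {}
    for raw in values:
        kind, norm = classify_artifact(raw)
        buckets.setdefault(kind, []).append(norm)
    return buckets

# Constructed sample input (documentation addresses and reserved example domains).
SAMPLE = ["192.0.2.10", " 2001:0DB8::1 ", "AB" * 32, "Example.COM.",
          "https://example.com/a?b=1", "ftp://example.com/x", "999.999.999.999"]
```
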
IP Address
You can look for an IP address to analyze the threat information related to IP address activities
in your network. The following data is displayed in the search result:
- Total number of times an IP address was detected in your network over the past 30 days.
- Graphical representation of the action taken (allow or block) on the IP address.
- List of DNS requests that contain the IP address based on the Palo Alto Networks threat intelligence and third-party sources.

Domain
View a summary of the activities associated with the domain in your network. The search results
include:
- Classification of the domain in your network based on the WildFire sample analysis.
- Total number of activities associated with the domain over the past 30 days.
- Enforcement applied to each activity in a graphical format.
- Information from WildFire analysis that supports the data used to assign the verdict for the domain.
- DNS activity collected from across all WildFire submissions that contain instances of this domain.

URL
Learn about the URL’s activity across all traffic Palo Alto Networks analyzes. The search results
include:
- Summary - Review a summary of the URL's activity in your network. Data includes: DNS Security findings for the URL and the PAN-DB Categorization.
- Screenshot - Shows a snapshot of the website when you search on a URL artifact.
- Analysis - See the file analysis data that includes the requests made globally for this URL, and files detected with this URL. You can use the file hash value or the file view to know more.

File Hash
File hash search summarizes the file
details in a report based on data generated during WildFire analysis. You can
download the report as a PDF or MAEC file in cases where the sample is
determined to be malicious, phishing, grayware, or benign. Unknown samples do
not generate a report.
WildFire samples that generate a verdict
provide file information and session information at a minimum, while samples
that have undergone additional analysis produce specific analysis data that is
relevant to actions taken by the sample. You can drill down on the search
results to review the following information categories:
- File Information - View general file information, including the file hash, size, and type, as categorized by WildFire. You can also see the verdict of the sample here. Alternatively, you can search directly on VirusTotal for additional information about suspicious files, domains, URLs, IP addresses using the supplied hash value. If the verdict is classified incorrectly, request a verdict change. The Palo Alto Networks threat team investigates the sample further and updates the verdict if it is found to be incorrect. You can also download the WildFire report of the selected sample hash as a PDF or MAEC file.
- Session Information - Learn about the network session for a sample. Use this data to learn more about the context of the threat, know the affected hosts and clients, and the applications used to deliver the malware.
- Static Analysis - Static analysis looks at the contents of a specific file before the file is executed in the WildFire analysis environment. This also shows the suspicious file properties, processes, and behaviors detected during static analysis. The search result varies depending on the file type.
- Dynamic Analysis - When WildFire encounters a sample that requires additional analysis, such as an unknown sample, the file is forwarded to the Advanced WildFire cloud and is inspected in detail using WildFire dynamic analysis. You can pivot between the various analysis environments used to view the specific analysis results generated by each. This can include samples analyzed by Advanced WildFire techniques (Intelligent Run-time Memory Analysis, hypervisor Dynamic Analysis, Dependency Emulation, etc.), a cloud-based engine that detects and prevents highly evasive malware threats. You can view the observed behaviors and use this information for post-execution analysis. You can check the process activities involved, and the sequence of events that took place in your system while executing the file.
- Actions Monitored - Review various sample process activity details that WildFire recorded during sample analysis.