Filter Hash Control Records

To help you quickly respond to malware-related activity, you can easily filter the number of results on the Hash Control page using one or more search conditions.
  1. From the ESM Console, select
    Policies
    Malware
    Hash Control
    .
  2. Filter the results displayed on the Hash Control page using any of the following methods:
    Import and run a previously-saved search query
    1. Click the button to expand the list of available actions and search queries.
    2. Select
      Import Search
      .
    3. Browse
      to and
      Upload
      an XML file containing a previously saved search query. The
      Hash Control
      page automatically applies the imported search query.
    Use a predefined search query
    1. Click the button to expand the list of available actions and search queries.
    2. Select from one of the following predefined search queries:
      • Malware discovered in the last day
      • Malware discovered in the last week
      • Restore candidates
        —Displays the files that have been quarantined that are eligible for restoration
      • Last 1000 manual overrides
        —Displays the files which have an administrative hash control policy to override the official WildFire verdict
      • Last 1000 unknown files
        —Displays files which have not been submitted to WildFire for analysis or for which the official WildFire verdict is unknown
      • Last 1000 upload errors
        —Displays any files which encountered errors during the submission process to WildFire
      The
      Hash Control
      page displays up to 1000 records which match your predefined search conditions.
    Perform a complex search query
    1. Specify whether to match
      Any
      of the conditions you specify (similar to an OR operation) or to match
      All
      of the conditions (similar to an AND operation).
    2. To clear all existing search conditions, click . Or, to remove a single search term, click next to the condition you want to remove.
    3. Select your search condition, operator, and value. For options, see File Hash Search Conditions.
    4. To enter additional search conditions, click next to the condition. The
      Hash Control
      page adds an additional search condition for you to configure.
    5. When you are done adding conditions, click
      Search
      . The
      Hash Control
      page displays up to 1000 records which match your search conditions.
  3. (
    Optional
    ) To run you search query at a later time, export it to a file.
    1. Click the button to expand the list of available actions and search queries.
    2. Select
      Export Search
      . The ESM Console saves your search parameters to an XML file.

Recommended For You