Skip to main content

Threat Search

This feature provides you with access to the all the useful information we have related to threats and offer a search engine to query that data for our partners and some of our specific products. You can submit queries and perform interactive requests, using certain indicators or filtering criteria.

There are two ways of interacting with our databases and performing queries:

  • The Simple Search - a simple, straightforward way to search for Threat Information related to a specific IoC (indicator of compromise). You can search for a domain, URL, IP, hash, or certificate hash. Learn more

  • The Cumulative Search - search for threats using multiple identifiers, both of the same kind or different. It also comes with auto-complete and provides suggestions based on partially entered search identifiers. Learn more

Both types of queries return information in the following format:

intellizone_threat_search_example_485824_en.png

  1. IoC Reputation - this section displays recent reputation information related to the IoC. The age of the information provided is anywhere between 1h and 14 days.

    Depending on the type of indicator, and the information available, this section will contain different data, or will not be displayed at all:

    • URL and domain IoCs - the search returns information on weather or not the URL is safe, including additional information, such as the type of threat found in the URL(if found unsafe), the category of the content available on the URL, and others.

      If no information is available, the IoC reputation section will not be included in the reply.

    • IP IoCs - the search returns malicious information known about a certain public IP, IPv4 or IPv6. If such information is found, it is delivered with additional context, a timestamp and a TTL (time-to-live).

      If the IP is safe, or no information is available, the IoC reputation section will not be included in the reply.

    • Hash and certificate hash IoCs - the search returns information on whether or not the associated file or certificate is safe. If the hash is known to us and malicious, additional information on the threat it contains is included.

      If the file is safe, or no information is available, the IoC reputation section will not be included in the reply.

    The section contains the most basic information related to the IoC. Click the Details Panel button to display additional details.

    Note

    If the associated entity is marked as safe, or no additional information on the IoC is available, the IoC reputation section will not be included in the reply.

  2. Threat lists - this section displays a list of known threats that are associated to the IoC, including additional relevant information, if available. The information provided contains all activity associated to the IoC, from present day to and up to 5 years in the past.

    If the IoC is associated to an entity marked as safe, is unknown to us, or not currently associated with any threats, no results are displayed.

    The search results will display basic information regarding the threat under multiple columns. Lick on the ID of the threat under the Threat ID column to display additional information.

In this section: