Threat Searches

You can search for potential threats on your network.

This option is available if you have Intercept X Advanced with EDR or Intercept X Advanced with EDR for Server.

You can search for SHA-256 file hashes, file names, IP addresses or domains (either complete or partial), or command lines. Typically, you get this search information from other security products or threat notification services.

Threat searches find the following:

  • Portable executable files (like applications, libraries, system files) with an uncertain or bad reputation.
  • IP addresses or domains that those files have connected to.
  • Admin tools that have been run. These tools can be misused.

You can also run a threat search from within a threat case. That finds more examples of the potential threats identified in that case.

Note: Searches for command lines and admin tools may not be available to all customers yet.

You can save threat searches. Re-running a saved search lets you check whether potential threats have spread to more devices.

New threat search

To find potential threats:

  1. In New threat search enter SHA-256 file hashes, file names, IP addresses or domains (either complete or partial), or command lines.
  2. Click Search.
  3. Review the results on the Threat Search Results page. You can also take action there to isolate devices and clean up threats.
  4. Select the search and click Save search if you want to re-run it later.
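Search terms usually arrive from an advisory, a threat feed or another product in mixed and often defanged form (hxxp://, [.]), so the following added example prepares them before they are pasted into New threat search. This is our own Python, not Sophos Central code and not part of the product: it refangs each indicator, sorts it into the types a threat search accepts (SHA-256 hash, file name, IP address, domain, command line), deduplicates, and sets aside values the search cannot use (for example MD5 or SHA-1 hashes). The sample feed, hash values and host names are constructed for the example; the label list, the file-extension list and the choice to reduce a URL to its host name are the example's own assumptions, not product behaviour.

```python
"""Sort raw indicators into the term types a threat search accepts.

Added example, not product code. Values are grouped as: sha256, file_name,
ip, domain, command_line, plus "unsupported" for anything that would not
be a valid search term (e.g. MD5 / SHA-1 hashes).
"""
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample feed (not real indicators): the kind of block an analyst
# copies out of an advisory, using the defanging such feeds commonly apply.
SAMPLE_FEED = """
sha256: 3A7BD3E2360A3D29EEA436FCFB7E44C735D117C42D1C1835420B6B9942DD4F1B
hxxps://malicious-updates[.]example[.]com/payload.exe
192[.]0[.]2[.]44
md5: ab56b4d92b40713acc5af89985d4b786
powershell.exe -nop -w hidden -enc SQBFAFgA
C:\\Users\\Public\\invoice_2024.pdf.exe
updates.example.net
3a7bd3e2360a3d29eea436fcfb7e44c735d117c42d1c1835420b6b9942dd4f1b
"""

# Assumed labels a feed may prefix values with ("sha256: ...", "md5: ...").
LABEL_RE = re.compile(r"^(sha256|sha-256|sha1|md5|ip|domain|url)\s*:\s*", re.I)
HEX_RE = re.compile(r"^[0-9a-f]+$")
DOMAIN_RE = re.compile(r"^(?!-)[a-z0-9-]{1,63}(\.[a-z0-9-]{1,63})+$")
# Assumed extensions used to tell a file name from a domain (both look like
# dotted labels); extend to taste.
FILE_EXT = {"exe", "dll", "sys", "scr", "ps1", "bat", "cmd", "vbs", "js",
            "jar", "msi", "docm", "xlsm", "pdf", "zip"}


def refang(s):
    """Undo common defanging so the value matches what appears in telemetry."""
    s = s.strip()
    s = re.sub(r"\[\.\]|\(\.\)|\{\.\}", ".", s)
    return re.sub(r"^hxxp", "http", s, flags=re.I)


def classify(raw):
    """Return (search_type, value), or None for a blank line."""
    value = refang(raw)
    if not value:
        return None
    m = LABEL_RE.match(value)
    if m:
        value = value[m.end():]
    # Anything with embedded whitespace is treated as a command line.
    if re.search(r"\s", value):
        return ("command_line", value)
    low = value.lower()
    if HEX_RE.match(low):
        if len(low) == 64:
            return ("sha256", low)          # normalised to lowercase hex
        return ("unsupported", raw.strip())  # MD5 / SHA-1: not a search type
    if low.startswith(("http://", "https://")):
        # Assumption: a URL is searched by its host (domain or IP).
        host = urlsplit(low).hostname or ""
        if not host:
            return ("unsupported", raw.strip())
        value, low = host, host
    try:
        ipaddress.ip_address(low)
        return ("ip", low)
    except ValueError:
        pass
    # Paths: keep the base name, which is what a file-name search needs.
    if "\\" in value or "/" in value:
        value = re.split(r"[\\/]", value)[-1]
        low = value.lower()
    ext = low.rsplit(".", 1)[-1] if "." in low else ""
    if ext in FILE_EXT:
        return ("file_name", value)
    if DOMAIN_RE.match(low):
        return ("domain", low)
    return ("unsupported", raw.strip())


def prepare_search_terms(text):
    """Group deduplicated indicators by the search type they belong to."""
    groups = {"sha256": set(), "file_name": set(), "ip": set(),
              "domain": set(), "command_line": set(), "unsupported": set()}
    for line in text.splitlines():
        result = classify(line)
        if result:
            kind, value = result
            groups[kind].add(value)
    return {kind: sorted(values) for kind, values in groups.items()}


if __name__ == "__main__":
    for kind, values in prepare_search_terms(SAMPLE_FEED).items():
        print(f"{kind}:")
        for v in values:
            print(f"  {v}")
```

Each group can then be pasted into New threat search as one batch of the same type; the "unsupported" group is what you would otherwise have pasted in by mistake (the MD5 above), and the duplicate SHA-256 in mixed case collapses to a single lowercase term.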

Saved searches

Re-running a saved threat search lets you:

  • See if potential threats have spread to more devices.
  • Check the latest status of the threats on each device.

To re-run a search, click it in the Saved searches list.