Indicator Search

The Indicator Search is designed to be simple and easy to use:

  • Start your investigation with a known IOC

  • Copy & paste the indicator(s) into the search field to find ALL events associated with those indicator(s)

  • Drill down into specific events by pivoting into the Data Explorer with prebuilt SQL queries

  • Find additional indicators in the Data Explorer and perform another search to gain additional context about the attack

  • Continue to pivot through your data to map the entire attacker footprint

As with all of our enterprise features, access to the Indicator Search can be limited through our Role-Based Access Control system.