The Indicator Search is designed to be simple and easy to use:
1. Start your investigation with a known IOC
2. Copy & paste the indicator(s) into the search field and find ALL connected events associated with that indicator
3. Drill down into specific events by pivoting into the Data Explorer with prebuilt SQL queries
4. Find additional indicators in the Data Explorer and perform another search to gain additional context about the attack
5. Continue to pivot through your data to map the entire attacker footprint
As with all of our enterprise features, access to the Indicator Search can be limited through our Role-Based Access Control system.