Searching indicators
On the Kaspersky CyberTrace web user interface you can select the Search tab to activate a form for searching threat indicators.
In the Kaspersky CyberTrace version 3.0 this tab was named Lookup.
The threat search can be disabled due to restrictions imposed by the licensing level.
From the Search tab you can access pages for individual indicator types:
- Indicator—Single indicator.
In the text field enter a hash, IP address, domain, or URL, and then click the Search button.
This page opens by default.
- Log file—Indicators from log files.
- File—File hashes.
The Search tab
Starting from Kaspersky CyberTrace version 3.1.0, each search request is added to the search request history.
Saving search results
You can save the result of a search operation to a text file.
The result will be saved in a file named kl_lookup_result_%TYPE%_hhmmss_ddMMyyyy.txt. Here %TYPE% is either indicator (for a single indicator search), logfiles (for a log files search), or files (for a file hashes search).
A full report about a search result is a CSV file. In the first line of this file, the field names are listed. The remaining lines of the report contain the field values, enclosed in quotation marks. If a field value has a quotation mark, a second quotation mark is added. All data is delimited by semicolons.
Different search types imply different sets of fields in a report file. The field sets for each search type are described in a section for that particular search type.
Canceling the search
You can cancel the search operation.
The Cancel button
To cancel the search operation:
- Click the Cancel button in the middle of the screen.
A confirmation window opens.
- Select Cancel the search, if you want to cancel the search operation.
If the search operation is canceled, the search request is added to the search request history, and the search result is
Canceled. The search result form is cleared and the "Operation is canceled" message is displayed. The information about the processed item is added to the search requests history with a remark that the search process was not finished.