File hashes search
You can search for file hashes by selecting the File tab after selecting the Search tab.
The File tab
Search for objects
You can specify one or more files. The search will be done for the MD5 hashes of these files.
To search for file hashes:
- Select the files that you want to search for. Do one of the following:
- Click the Select files button, and then select the log files.
- Drag the log files into the colored area.
- Click the Search button.
The search result will appear below in the Summary section.
Search result
After a search is performed, CyberTrace Web displays the result in the Summary section.
The Summary section
The search result consists of the following data:
- Number of processed hash files
- Number of detected indicators
- Number of detections for each category
For every checked file hash, the following information is displayed:
- File name
- MD5 file hash
The file hash is linked to detailed information about the object.
- Fields of feed records that matched the indicator
- Message that there is no detection (if the file hash is not detected)
If no information is found for the requested indicator, the message about this appears. This message displays a link that redirects you to the search page of Kaspersky Threat Intelligence Portal.
If you run a search and then switch to another tab, the search results will become available in the search request history.
Downloading search reports
You can download a report with the results of the search operation. The report is a .csv file.
To download a report:
Click the Download report link and specify the directory to which you want to save the report.
A full report about a search result has the following fields:
file_name—Name of the file whose hash is detecteddetected_indicator—The detected hashcategory—Category of the detected hash- Context fields from the feed