About the search request history
This section describes the search request history that is displayed on every threat search page.
Storing the search requests
When a search is performed using Kaspersky CyberTrace Web, information about it is stored in the history. The log file itself is not stored when a log file search is performed, only strings from the log file that contained detected indicators are stored; also, the file itself is not stored when a file hash search is performed.
For each authenticated user, the CyberTrace HTTP service stores the following amount of information:
- Last 1000 indicator search requests made in the last three months.
- Last 1000 log file search requests made in the last three months.
- Last 1000 file hash search requests made in the last three months.
Displaying the search request history
Every search page contains a form with the request history. The request history form contains requests of the corresponding search request type:
- Single indicator search request
- Log file search request
- File hash search request
If you have signed in as an administrator, the search request history of all users is available; otherwise, only the current user's search request history is available.
The search requests are displayed from the last to the first. The active page contains up to 20 search requests. If there are more than 20 search requests available, you can display others by using the navigation controls.
You can specify the period during which the search requests to display were made:
- Last hour
- Last day
- Last week
- Last month (30 days)
- Last 3 months (91 days)
- Arbitrary period
Single indicator search request history
Single indicator search request history
The form with the history of single indicator search requests displays the following data:
- The search result
It is
Detectedif the indicator is detected one or more times,Not detectedif the indicator is not detected, orCanceledif the search operation was canceled.This information is displayed in the Status column.
- Date of request in the format
yyyy-mm-dd HH:MM:SSFor example,
2012-12-31 23:58:25.This information is displayed in the Date column.
- Name of the user who performed the search request
This information is displayed in the User column and can be seen only by administrators.
- Indicator that was searched for
This information is displayed in the Search string column.
For a search operation that was not canceled, if you select an indicator, the full search result and the button for exporting the search result are displayed.
Log file search request history
Log file search request history
The form with the history of log file search requests displays the following data:
- The search result
It is
Detectedif indicators in the log file are detected one or more times,Not detectedif no indicator is detected, orCanceledif the search operation was canceled.This information is displayed in the Status column.
- Date of request in the format
yyyy-mm-dd HH:MM:SSFor example,
2012-12-31 23:58:25.This information is displayed in the Date column.
- Name of the user who performed the search request
This information is displayed in the User column and can be seen only by administrators.
- Log file in which the indicators were searched for
This information is displayed in the Log file column.
For a search operation that was not canceled, if you select a row in the table, the full search result and the button for exporting the search result are displayed.
File hash search request history
File hash search request history
The form with the history of file hash search requests displays the following data:
- The search result
It is
Detectedif the file hash is detected one or more times,Not detectedif the file hash is not detected, orCanceledif the search operation was canceled.This information is displayed in the Status column.
- Date of request in the format
yyyy-mm-dd HH:MM:SSFor example,
2012-12-31 23:58:25.This information is displayed in the Date column.
- Name of the user that performed the search request
This information is displayed in the User column and can be seen only by administrators.
- Name of the file whose hash was searched for
This information is displayed in the File column.
- File hash that was searched for
This information is displayed in the Checksum column.
For a search operation that was not canceled, selecting a file hash will display the full search result and the button for exporting the search result.