On the Kaspersky CyberTrace web user interface you can select the Search tab to activate a form for searching threat indicators.
In the Kaspersky CyberTrace version 3.0 this tab was named Lookup.
The threat search can be disabled due to restrictions imposed by the licensing level.
From the Search tab you can access pages for individual indicator types:
In the text field enter a hash, IP address, domain, or URL and click the Search button.
This page opens by default.
Starting from Kaspersky CyberTrace version 3.1.0, each search request is added to the search request history.
Search reports
You can save the result of a search operation to a text file.
The result will be saved in a file named kl_lookup_result_%TYPE%_hhmmss_ddMMyyyy.txt
. Here %TYPE%
is either indicator (for a single indicator search), or logfiles (for a log files search), or files (for a file hashes search).
A full report about a search result is a CSV file. In the first line of this file, the field names are listed. The remaining lines of the report contain the field values enclosed in quotation marks. If a field value has a quotation mark, a second quotation mark is added. All data is delimited by semicolons.
Different search types imply different sets of fields in a report file. The field sets for each search type are described in a section that concerns a search of a particular type.
You can also cancel the search operation.
To cancel the search operation:
A confirmation window opens.
If the search operation is canceled, the search request is added to the search request history, and the search result is Canceled
.