Single indicator search

You can search for a single indicator by selecting the Indicator tab after selecting the Search tab.

Search objects

You can search for an indicator of one of the following object types:

• Hash
• IP address
• Domain
• URL

Indicator search syntax

You can search for a URL in two ways:

• By specifying the full URL
• By specifying only the domain name

When searching for a hash or an IP address, you have to specify the full indicator.

For more information about indicator search syntax, see section "Indicator search syntax".

Search result

After a search is performed, CyberTrace Web displays the result, which consists of the following data:

• Category of the requested object
• Fields of feed records that matched the indicator

  If the feeds do not contain information about the requested object, the message about this fact is displayed.

• Link to the information about the object on Kaspersky Threat Intelligence Portal.

Notice that if you run a search and then switch to another tab, the search results will become available in the search request history.

Downloading search reports

You can download a report with the results of the search operation. The report is a .csv file.

To download a report,

Click the Download report link and specify the directory to which you want to save the report.

Regular expressions for searching indicators

To search for indicators, CyberTrace Web uses regular expressions defined in the Feed Service configuration file (you can browse or edit them by using Kaspersky CyberTrace Web). The regular expressions are specified by a special event source called http_single_lookup. For more information about regular expressions for searching indicators, see section "About event sources".

Page top