On the Kaspersky CyberTrace web user interface, you can use the Search page to search for threat indicators. To access this page, you need to switch to the Data management mode.
This feature can be disabled due to restrictions imposed by the licensing level.
From the Search page, you can access tabs for individual search types:
This tab opens by default.
The Search page
Each search request is added to the search request history.
Saving search results
You can save the result of a search operation to a text file.
The result will be saved in a file named kl_lookup_result_%TYPE%_hhmmss_ddMMyyyy.txt. Here, %TYPE% is either indicator (for a single indicator search), logfiles (for a log files search), or files (for a file hashes search).
A full report about a search result is a CSV file. The first line of this file lists the field names. The remaining lines of the report contain the field values, enclosed in quotation marks. If a field value contains a quotation mark, a second quotation mark is added after it. All data is delimited by semicolons.
Different search types imply different sets of fields in a report file. The field sets for each search type are described in a section for that particular search type.
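The following added example (not part of the product or its documentation) shows one way to read a saved result with Python's standard csv module, following the file name pattern and the quoting rules described above. The field names and values in the sample are constructed placeholders, and the reading of hhmmss as 24-hour time and ddMMyyyy as day, month, year is an assumption.

```python
import csv
import io
import re
from datetime import datetime

# File name pattern quoted on the page: kl_lookup_result_%TYPE%_hhmmss_ddMMyyyy.txt
NAME_RE = re.compile(
    r"^kl_lookup_result_(indicator|logfiles|files)_(\d{6})_(\d{8})\.txt$")

def parse_result_name(name):
    """Return (search_type, saved_at) for a saved result file name."""
    m = NAME_RE.match(name)
    if m is None:
        raise ValueError(f"unexpected result file name: {name!r}")
    # Assumption: hhmmss is 24-hour time and ddMMyyyy is day, month, year.
    stamp = datetime.strptime(m.group(2) + m.group(3), "%H%M%S%d%m%Y")
    return m.group(1), stamp

def parse_report(text):
    """Parse a full report: header line, ';' delimiter, quoted values, "" = one quote."""
    reader = csv.reader(io.StringIO(text, newline=""), delimiter=";",
                        quotechar='"', doublequote=True, strict=True)
    header = next(reader)
    rows = []
    for values in reader:
        if not values:  # tolerate blank lines
            continue
        if len(values) != len(header):
            # A mismatch usually means the file was split naively on ';' or hand-edited.
            raise ValueError(f"line {reader.line_num}: expected "
                             f"{len(header)} fields, got {len(values)}")
        rows.append(dict(zip(header, values)))
    return rows

# Constructed sample; the field names are placeholders, not the product's field set.
SAMPLE_REPORT = (
    'indicator;category;context\n'
    '"example.test";"Constructed_Category";"note with ; and ""quotes"""\n'
    '"198.51.100.7";"Constructed_Category";"plain value"\n'
)

if __name__ == "__main__":
    print(parse_result_name("kl_lookup_result_indicator_143015_05032024.txt"))
    for row in parse_report(SAMPLE_REPORT):
        print(row)
```

Splitting each line on semicolons instead of using a CSV parser would break the first sample row, because its last value contains both a semicolon and doubled quotation marks.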
Canceling the search
You can cancel the search operation.
The Cancel button
To cancel the search operation, click the Cancel button in the right part of the screen.
If the search operation is canceled, the search request is added to the search request history with the search status Canceled, and the search result form is cleared. Information about the processed item is also added to the search request history, with a remark that the search process was not finished.