Single indicator search

You can search for a single indicator by selecting the Indicator tab on the Search page. To access this page, you need to switch to the Data management mode.

The Search → Indicator tab in CyberTrace.

The Indicator tab

Search for objects

You can search for one of the following indicator types:

To search for an indicator:

  1. Enter the indicator in the search field.
  2. Click the Search button.

The search result will appear in the Search report section.

Indicator search syntax

You can search for a URL in two ways:

When searching for a hash or an IP address, specify the full indicator, as described in the section about indicator search syntax.

Search result

After a search is performed, Kaspersky CyberTrace Web displays the result in the Search report section.

Single indicator search in CyberTrace. Search report.

The Search report section

The search result consists of the following data:

If the indicator is not detected because it belongs to the FalsePositive supplier, the search result displays a message that no matching indicators were found, together with a link to the search page of Kaspersky Threat Intelligence Portal.

If you run a search and then switch to another tab, the search results will become available in the search request history.

Downloading search reports

You can download a report with the results of the search operation. The report is a .csv file.

To download a report, click the Download full report button, and then, if asked, specify the directory to which you want to save the report.

Regular expressions for searching indicators

To search for indicators, Kaspersky CyberTrace Web uses the regular expressions defined in the Kaspersky CyberTrace Service configuration file. The regular expressions are specified by a special event source called http_single_lookup.
