When managing the program web interface, users with the Senior security officer and Security officer roles can generate search queries and use IOC files and TAA (IOA) rules to search the events database for threats, for organizations whose data they are allowed to access.
To form search queries through the events database, you can use design mode or source code mode.
In design mode, you can create and modify search queries using drop-down lists with options for the type of field value and operators.
In source code mode, you can create and modify search queries using text commands.
You can upload an IOC file and search for events based on conditions defined in this IOC file.
You can also create TAA (IOA) rules based on event search conditions.