Uploading an IOC file and searching for events based on conditions defined in the IOC file

To upload an IOC file and search for events based on conditions defined in the IOC file:

  1. Select the Threat Hunting section in the program web interface window.

    This opens the event search form.

  2. Click the Import button.

    This opens the file selection window.

  3. Select the IOC file that you want to upload and click the Open button.

    The IOC file will be uploaded.

    On the Source code tab, the form containing event search conditions will display the conditions defined in the uploaded IOC file.

    You can run the search with these conditions as they are. You can also edit the conditions taken from the uploaded IOC file, or add further event search conditions, in source code mode.

  4. If you want to search for events that occurred during a specific period, click the Any time button and select one of the following event search periods:
    • Any time, if you want the table to display events found for any period of time.
    • Last hour, if you want the table to display events that were found during the last hour.
    • Last day, if you want the table to display events found during the last day.
    • Custom range, if you want the table to display events found during the period you specify.
  5. If you have selected the Custom range display period for found events:
    1. In the calendar that opens, specify the start and end dates of the event display range.
    2. Click Apply.

    The calendar closes.

  6. Click Search.

The table displays the events that match the conditions specified in the IOC file and fall within the selected period.
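The following Python script is an added example, not code from the product or its documentation. It models offline what the procedure above does with the uploaded file: it parses the IOC file into the AND/OR condition tree shown on the Source code tab, applies the same period choices as steps 4 and 5 (Any time, Last hour, Last day, Custom range), and returns the matching events. The IOC format is assumed to be OpenIOC 1.0 XML (the page does not name the format), the sample IOC and sample events are constructed for illustration, the event field names are assumed to equal the IndicatorItem "search" paths, and only the "is" and "contains" conditions are implemented.

```python
# Added example (not from the product documentation). Assumptions: IOC file is
# OpenIOC 1.0 XML; events are flat dicts keyed by the IndicatorItem "search"
# path; only the "is" and "contains" conditions are supported.
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = "{http://schemas.mandiant.com/2010/ioc}"  # OpenIOC 1.0 namespace

# Constructed sample IOC: FileName is evil.exe AND (known MD5 OR a DNS query
# containing the C2 domain). Ids, hash and domain are made up.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc" id="example-ioc-1">
  <short_description>Example: evil.exe dropper</short_description>
  <definition>
    <Indicator operator="AND" id="ind-1">
      <IndicatorItem condition="is" id="item-1">
        <Context document="FileItem" search="FileItem/FileName" type="mir"/>
        <Content type="string">evil.exe</Content>
      </IndicatorItem>
      <Indicator operator="OR" id="ind-2">
        <IndicatorItem condition="is" id="item-2">
          <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
          <Content type="md5">d41d8cd98f00b204e9800998ecf8427e</Content>
        </IndicatorItem>
        <IndicatorItem condition="contains" id="item-3">
          <Context document="Network" search="Network/DNS" type="mir"/>
          <Content type="string">bad-domain.example</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>"""

def parse_ioc(xml_text):
    """Return the IOC's top-level Indicator as a nested condition tree."""
    root = ET.fromstring(xml_text)
    top = root.find(NS + "definition").find(NS + "Indicator")
    return _parse_indicator(top)

def _parse_indicator(node):
    items = []
    for child in node:
        if child.tag == NS + "Indicator":          # nested AND/OR group
            items.append(_parse_indicator(child))
        elif child.tag == NS + "IndicatorItem":    # leaf condition
            ctx = child.find(NS + "Context")
            content = child.find(NS + "Content")
            items.append({"field": ctx.get("search"),
                          "condition": child.get("condition", "is"),
                          "value": (content.text or "").strip()})
    return {"op": node.get("operator", "AND").upper(), "items": items}

def matches(cond, event):
    """Evaluate a condition tree against one event (case-insensitive)."""
    if "op" in cond:
        results = [matches(c, event) for c in cond["items"]]
        return all(results) if cond["op"] == "AND" else any(results)
    value = event.get(cond["field"])
    if value is None:                  # field absent: this leaf cannot match
        return False
    value, target = str(value).lower(), cond["value"].lower()
    if cond["condition"] == "is":
        return value == target
    if cond["condition"] == "contains":
        return target in value
    raise ValueError("unsupported IOC condition: " + cond["condition"])

def in_period(event, period, now, start=None, end=None):
    """Mirror the period selector: any / last_hour / last_day / custom."""
    ts = event["timestamp"]
    if period == "any":
        return True
    if period in ("last_hour", "last_day"):
        window = timedelta(hours=1) if period == "last_hour" else timedelta(days=1)
        return ts >= now - window
    if period == "custom":
        return start <= ts <= end
    raise ValueError("unknown period: " + period)

def search_events(ioc_xml, events, period="any", now=None, start=None, end=None):
    """Events that fall in the period AND satisfy the IOC's conditions."""
    cond = parse_ioc(ioc_xml)
    now = now or datetime.now(timezone.utc)
    return [e for e in events
            if in_period(e, period, now, start, end) and matches(cond, e)]

# Constructed sample events relative to a fixed "now" (not real telemetry).
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)
CUSTOM_START, CUSTOM_END = NOW - timedelta(days=4), NOW - timedelta(days=2)
SAMPLE_EVENTS = [
    {"id": 1, "timestamp": NOW - timedelta(minutes=10), "FileItem/FileName": "evil.exe",
     "FileItem/Md5sum": "D41D8CD98F00B204E9800998ECF8427E"},   # hash hit, recent
    {"id": 2, "timestamp": NOW - timedelta(hours=5), "FileItem/FileName": "evil.exe",
     "Network/DNS": "c2.bad-domain.example"},                   # DNS hit, today
    {"id": 3, "timestamp": NOW - timedelta(days=3), "FileItem/FileName": "evil.exe",
     "FileItem/Md5sum": "0123456789abcdef0123456789abcdef"},   # name only: no hit
    {"id": 4, "timestamp": NOW - timedelta(days=3), "FileItem/FileName": "EVIL.EXE",
     "Network/DNS": "bad-domain.example"},                      # DNS hit, 3 days old
]
```

Calling `search_events(SAMPLE_IOC, SAMPLE_EVENTS, "last_day", now=NOW)` returns events 1 and 2, while "any" also returns event 4 and the custom range from CUSTOM_START to CUSTOM_END returns only event 4; event 3 never matches because the file name alone does not satisfy the nested OR group. The point to take from the example is that the period filter and the IOC conditions are applied together, so widening the period in step 4 can change the result even when the IOC file is unchanged.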

See also

Events database threat hunting

Searching events in source code mode

Searching events in design mode

Sorting events in the table

Changing the event search conditions

Searching events by processing results in EPP programs

Creating a user-defined TAA (IOA) rule based on event search conditions
