Kaspersky CyberTrace

Single indicator search

August 22, 2024

ID 172899

To search for a single indicator, select the Search tab, and then select the Indicator tab.


The Indicator tab

Search for objects

You can search for one of the following indicator types:

  • Hash
  • IP address
  • Domain
  • URL

To search for an indicator:

  1. Enter the indicator in the search field.
  2. Click the Search button.

The search result will appear in the Detections section.

Indicator search syntax

You can search for a URL in two ways:

  • By specifying the full URL
  • By specifying only the domain name

When searching for a hash or an IP address, specify the full indicator, as described in the section about indicator search syntax.

Search result

After a search is performed, Kaspersky CyberTrace Web displays the result in the Detections section.


The Detections section

The search result consists of the following data:

  • Requested indicator
  • Category of the requested indicator

    This information is displayed in the Category column.

  • Fields of feed records that matched the indicator

    If the feeds do not contain information about the requested indicator, a message about this is displayed.

    This information is displayed in the Context column.

  • Link or links to detailed information about the requested indicator

    The links are displayed as fields in the Context column.

If the indicator is not detected because it belongs to the FalsePositive supplier, the search result displays a message that no matching indicators were found, together with a link that redirects you to the search page of Kaspersky Threat Intelligence Portal.

Note that if you run a search and then switch to another tab, the search results become available in the search request history.

Downloading search reports

You can download a report with the results of the search operation. The report is a .csv file.

To download a report:

  1. Click the Download report link.
  2. Specify the directory to which you want to save the report.

Regular expressions for searching indicators

To search for indicators, Kaspersky CyberTrace Web uses the regular expressions defined in the Kaspersky CyberTrace Service configuration file. The regular expressions are specified by a special event source called http_single_lookup.
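The following Python example is added here for illustration and is not code or configuration from Kaspersky CyberTrace. It shows how an analyst-side script could classify a value into the four indicator types listed above before submitting it, reject truncated hashes and IP addresses, and derive the domain-only form of a URL. The patterns, the accepted hash lengths (32, 40, or 64 hexadecimal characters), and the function name are assumptions; the expressions CyberTrace actually uses are the ones in its http_single_lookup event source.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Assumed patterns for illustration only; they are not the regular
# expressions from the CyberTrace Service configuration file.
HASH_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$", re.I)
DOMAIN_RE = re.compile(
    r"^(?=.{1,253}$)(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+"
    r"[a-z][a-z0-9-]{0,61}[a-z0-9]$",
    re.I,
)


def _is_ip(text):
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False


def classify_indicator(value):
    """Return (indicator_type, search_terms) or raise ValueError."""
    value = value.strip()
    if HASH_RE.match(value):                 # full hash only
        return "hash", [value.lower()]
    if _is_ip(value):                        # full IP address only
        return "ip", [str(ipaddress.ip_address(value))]
    if "/" in value:                         # scheme or path present: URL
        host = urlsplit(value if "://" in value else "//" + value).hostname or ""
        if DOMAIN_RE.match(host):
            # A URL can be searched as the full URL or by its domain name.
            return "url", [value, host]
        if _is_ip(host):
            return "url", [value]
        raise ValueError(f"URL has no valid host: {value!r}")
    if DOMAIN_RE.match(value):
        return "domain", [value.lower()]
    raise ValueError(f"not a complete hash, IP address, domain, or URL: {value!r}")


if __name__ == "__main__":
    # Constructed sample values.
    for sample in ("D41D8CD98F00B204E9800998ECF8427E", "192.0.2.10",
                   "example.com", "http://example.com/a/b?id=1"):
        print(sample, "->", classify_indicator(sample))
```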
