Uploading an IOC file and searching for events based on conditions defined in the IOC file
To upload an IOC file and search for events based on conditions defined in that IOC file:
1. Select the Threat Hunting section in the application web interface window.
   This opens the event search form.
2. Click Import.
   This opens the file selection window.
3. Select the IOC file that you want to upload and click the Open button.
   The IOC file is uploaded.
   On the Source code tab, the form containing event search conditions displays the conditions defined in the uploaded IOC file.
   You can search for events that match these conditions. You can also change the conditions defined in an uploaded IOC file, or add event search conditions in source code mode.
4. If you want to search for events that occurred during a specific period, click the Any time button and select one of the following event search periods:
   - Any time if you want the table to display events found as far back as the records go.
   - Last hour if you want the table to display events that were found during the last hour.
   - Last day if you want the table to display events found during the last day.
   - Custom range if you want the table to display events found during the period you specify.
5. If you have selected the Custom range display period for found events:
   a. In the calendar that opens, specify the start and end dates of the event display range.
   b. Click Apply.
   The calendar closes.
6. Click Search.
   A table of events that match the criteria specified in the IOC file is displayed.