Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB ThreatHunter: How to build a custom watchlist from the Investigate page

CB ThreatHunter: How to build a custom watchlist from the Investigate page

Environment

  • CB ThreatHunter Web Console: All Versions

Objective

Create a custom watchlist from the Investigate page

Resolution

  1. Navigate to the Investigate page
  2. Execute a desired search query
  3. Select Add search to Threat Report under the search magnifying glass
  4. Under the Select a Watchlist heading in the Add Query modal, select Add New
  5. Enter a name for the watchlist
  6. Enter a description for the watchlist if desired
  7. Enable Alert on Hit if the watchlist is desired to alert users when IOCs match incoming data
  8. Enter a name for the Threat Report that will contain the search query executed previously in step 2.
  9. Enter a description for the threat report if desired
  10. Set a desired severity
  11. Enter any tags to be applied to the threat report
  12. Select Save

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
2686
Contributors