Environment

• CB ThreatHunter Web Console: All Versions

Objective

Resolution

1. Navigate to the Investigate page
2. Execute a desired search query
3. Select Add search to Threat Report under the search magnifying glass
4. Under the Select a Watchlist heading in the Add Query modal, select Add New
5. Enter a name for the watchlist
6. Enter a description for the watchlist if desired
7. Enable Alert on Hit if the watchlist is desired to alert users when IOCs match incoming data
   • Selecting Include Historical Data will perform a one time query of all past data available in the console CB ThreatHunter: How long is event data stored for?
8. Enter a name for the Threat Report that will contain the search query executed previously in step 2.
9. Enter a description for the threat report if desired
10. Set a desired severity
11. Enter any tags to be applied to the threat report
12. Select Save

Related Content