
CB ThreatHunter: What is Value Search?

Environment

  • CB ThreatHunter Web Console: All Versions

Question

What is Value Search?

Answer

  • Value Search is an expansion of the existing search functionality on the Investigate and Process Analysis search bars: it lets users enter a value without specifying the field name
    • For example, searching for "chrome.exe" on its own previously returned an error; it now searches every field in which a filename is relevant
    • The fields covered are all fields whose name contains "process", "proc", "reputation" or "hash", plus netconn_ipv4, netconn_ipv6, sensor_action and crossproc_action

Additional Notes

  • Value Search also supports the boolean operators "AND", "OR" and "NOT", as well as wildcards
  • Queries that include Value Search terms (terms without a field name) cannot be saved as a Threat Report; attempting to save such a query to a watchlist report returns the following error:
    Search Fields are required to add queries to a watchlist report.
  • Wildcard Value Searches have the following restrictions:
    • Wildcard characters cannot appear in the first 2 characters of a Value Search term
    • Hashes and GUIDs do not support wildcards
    • Identifiers used in fields such as "ttp", "process_publisher_state" and "reputation" do not support wildcards
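The rules above are easy to trip over when building a query in the console and only finding out at save time that it cannot become a watchlist report. The following pre-flight checker is an added example, not Carbon Black's own query parser: it splits a query into terms, separates fielded terms (field:value) from Value Search terms, and flags the documented restrictions (unfielded terms block saving as a Threat Report, wildcards in the first two characters of a Value Search term, wildcards on hashes, GUIDs and identifier fields). Tokenisation is deliberately simple (whitespace split, quoted phrases kept whole, grouping parentheses dropped), the hash and GUID detection is a length-and-hex heuristic, and the values used in the comments (10.0.0.5, KNOWN*) are constructed; unquoted values containing a colon, such as Windows paths, should be quoted so they are not misread as a field prefix.

```python
"""Pre-flight checker for CB ThreatHunter Value Search queries.

Added example mirroring the rules in this article; it is not Carbon Black's
search grammar, which is richer than the whitespace tokenizer used here.
"""
import re

OPERATORS = {"AND", "OR", "NOT"}
# A quoted phrase is one token; otherwise split on whitespace.
TOKEN = re.compile(r'"[^"]*"|\S+')
# field:value, with an optional leading '-' (Lucene-style negation).
FIELDED = re.compile(r"^-?([A-Za-z0-9_.]+):(.+)$")
HEX = re.compile(r"^[0-9a-fA-F]+$")
# Fields the article names as holding identifiers that do not support wildcards.
IDENTIFIER_FIELDS = {"ttp", "process_publisher_state", "reputation"}
REPORT_ERROR = "Search Fields are required to add queries to a watchlist report."


def tokenize(query):
    """Split a query into terms, keeping quoted phrases whole and dropping grouping parens."""
    return [t.strip("()") for t in TOKEN.findall(query) if t.strip("()")]


def looks_like_hash(field, bare):
    """Heuristic: a field whose name contains 'hash', or a bare value of 32+ hex chars (MD5/SHA-1/SHA-256 prefix)."""
    if field is not None and "hash" in field.lower():
        return True
    return len(bare) >= 32 and HEX.match(bare) is not None


def looks_like_guid(field, bare):
    """Heuristic: a field whose name contains 'guid', or a dashed 8-4-4-4-12 style hex value."""
    if field is not None and "guid" in field.lower():
        return True
    parts = bare.split("-")
    return len(bare) >= 20 and len(parts) == 5 and all(HEX.match(p) for p in parts)


def check_query(query):
    """Return which terms are Value Search terms and which wildcard rules the query breaks."""
    unfielded, violations = [], []
    for tok in tokenize(query):
        if tok.upper() in OPERATORS:
            continue
        m = FIELDED.match(tok)
        field, value = (m.group(1), m.group(2)) if m else (None, tok)
        value = value.strip('"')
        if field is None:
            unfielded.append(value)  # a Value Search term: searched across the filename/hash/reputation fields
        if "*" not in value and "?" not in value:
            continue
        bare = value.replace("*", "").replace("?", "")
        # Rule: wildcards cannot appear in the first 2 characters of a Value Search term.
        if field is None and ("*" in value[:2] or "?" in value[:2]):
            violations.append(f"{value!r}: wildcard in first 2 characters of a Value Search")
        # Rule: hashes and GUIDs do not support wildcards.
        if looks_like_hash(field, bare):
            violations.append(f"{value!r}: hashes do not support wildcards")
        elif looks_like_guid(field, bare):
            violations.append(f"{value!r}: guids do not support wildcards")
        # Rule: identifier fields such as ttp / process_publisher_state / reputation do not support wildcards.
        if field is not None and field.lower() in IDENTIFIER_FIELDS:
            violations.append(f"{field}:{value}: identifier fields do not support wildcards")
    return {
        "unfielded_terms": unfielded,
        "violations": violations,
        "saveable_as_report": not unfielded,
        "report_error": REPORT_ERROR if unfielded else None,
    }


if __name__ == "__main__":
    # Constructed queries: the first is a plain Value Search, the second is fully fielded
    # and therefore saveable, the rest each break one documented restriction.
    for q in ("chrome.exe",
              "netconn_ipv4:10.0.0.5 OR netconn_ipv4:10.0.0.6",
              "c*rome.exe",
              "0123456789abcdef0123456789abcdef01234567*",
              "reputation:KNOWN*"):
        print(q, "->", check_query(q))
```

Run it over a query before saving it to a watchlist: an empty `violations` list with `saveable_as_report` true means every term carries a field name and no wildcard rule is broken; a non-empty `unfielded_terms` list tells you exactly which terms need a field prefix before the console will accept the query as a Threat Report.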

Article Information

Creation Date: 09-09-2020