Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Enterprise EDR: How to add queries to watchlists from the Investigate page

Enterprise EDR: How to add queries to watchlists from the Investigate page

Environment

Enterprise EDR Console: All Versions

Objective

Integrate unique threat intelligence by adding custom queries to watchlist reports

Resolution

  1. Navigate to the Investigate page
  2. Execute the desired query in the search bar
  3. Verify the results are what is expected
  4. Select Add search to Threat Report under the search magnifying glass
  5. Select an existing custom Watchlist or create a new custom Watchlist
  6. Add the search query to an existing Threat Report or create a new Threat Report
  7. Select Save

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎09-09-2020
Views:
2632
Contributors