Searching indicators

On the Kaspersky CyberTrace web user interface you can select the Search tab to activate a form for searching threat indicators.

In Kaspersky CyberTrace version 3.0, this tab was named Lookup.

The threat search can be disabled due to restrictions imposed by the licensing level.

From the Search tab you can access pages for individual indicator types:

Starting from Kaspersky CyberTrace version 3.1.0, each search request is added to the search request history.

Saving search results

You can save the result of a search operation to a text file.

The result will be saved in a file named kl_lookup_result_%TYPE%_hhmmss_ddMMyyyy.txt. Here %TYPE% is either indicator (for a single indicator search), logfiles (for a log files search), or files (for a file hashes search).

A full report about a search result is a CSV file. The first line of this file lists the field names. The remaining lines of the report contain the field values, enclosed in quotation marks. If a field value contains a quotation mark, a second quotation mark is added. All data is delimited by semicolons.

Different search types imply different sets of fields in a report file. The field sets for each search type are described in a section for that particular search type.
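A way to read a saved report using the file name and quoting rules above, as an added example that is not part of the Kaspersky documentation. It assumes `hh` is a 24-hour value, and the field names and rows in `SAMPLE` are constructed for illustration (the real field sets are described in each search type's section).

```python
import csv
import io
import re
from datetime import datetime

# File name pattern from the page: kl_lookup_result_%TYPE%_hhmmss_ddMMyyyy.txt
NAME_RE = re.compile(
    r"^kl_lookup_result_(indicator|logfiles|files)_(\d{6})_(\d{8})\.txt$")

# Constructed sample: field names and values are hypothetical, not the
# product's real field set. The note field holds a semicolon and doubled quotes.
SAMPLE = (
    'indicator;category;note\r\n'
    '"badhost.example";"Sample category";"seen in ""proxy;web"" logs"\r\n'
    '"198.51.100.7";"Sample category";""\r\n'
)

def parse_report_name(filename):
    """Return (search_type, saved_at) for a saved search result file name."""
    m = NAME_RE.match(filename)
    if not m:
        raise ValueError(f"unexpected report name: {filename!r}")
    # Assumption: hh is a 24-hour value (the page gives no AM/PM marker).
    saved_at = datetime.strptime(m.group(2) + m.group(3), "%H%M%S%d%m%Y")
    return m.group(1), saved_at

def parse_report(text):
    """Return the report rows as dicts keyed by the names in the first line."""
    reader = csv.reader(io.StringIO(text, newline=""), delimiter=";",
                        quotechar='"', doublequote=True, strict=True)
    rows = [row for row in reader if row]
    if not rows:
        return []
    header = rows[0]
    records = []
    for number, row in enumerate(rows[1:], start=1):
        # A field-count mismatch means a delimiter or quote was mis-escaped
        # upstream; fail loudly instead of shifting values between columns.
        if len(row) != len(header):
            raise ValueError(
                f"record {number}: {len(row)} fields, expected {len(header)}")
        records.append(dict(zip(header, row)))
    return records

if __name__ == "__main__":
    print(parse_report_name("kl_lookup_result_logfiles_142305_09032023.txt"))
    for record in parse_report(SAMPLE):
        print(record)
```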

Canceling the search

You can cancel the search operation.

The Cancel button

To cancel the search operation:

  1. Click the Cancel button in the middle of the screen.

    A confirmation window opens.

  2. Select Cancel the search if you want to cancel the search operation.

    If the search operation is canceled, the search request is added to the search request history, and the search result is Canceled. The search result form is cleared and the "Operation is canceled" message is displayed. The information about the processed item is added to the search request history with a remark that the search process was not finished.

In this section

About the indicator search syntax

About the search request history

Single indicator search

Log file indicators search

File hashes search
