Events database threat hunting

When working in the program web interface, users with the Senior security officer or Security officer roles can generate search queries and use IOC files and IOA rules to search the events database for threats, for organizations whose data they are allowed to access.

To form search queries through the events database, you can use design mode or source code mode.

In design mode, you can create and modify search queries using drop-down lists with options for the type of field value and operators.

In source code mode, you can create and modify search queries using text commands.

You can upload an IOC file and search for events based on the conditions defined in this IOC file.

You can also create IOA rules based on event search conditions.

In this Help section

Searching events using design mode

Searching events using source code mode

Changing the event search conditions

Uploading an IOC file and searching for events based on conditions defined in the IOC file

Creating an IOA rule based on event search conditions
