Submit an IoC Lookup request from the Security Incident Catalog

If the Security Incident Response plugin is activated, you can submit threat lookups for files, hash values, URLs, and IP addresses from the Security Incident Catalog. The requests are submitted and you can view the results in the My Requests module.

Before you begin

Role required: none

About this task

Lookups are automatically performed for the default lookup type for each lookup source listed in the lookup record. The results of the lookup request are available in the My Requests module.

Procedure

  1. Navigate to Self-Service > Security Incident Catalog.
  2. Click IoC Lookup.
  3. Click Lookup files, hash values, URLs or IP addresses.
  4. Enter one or more of the following:
    Table 1. IoC Lookup request

    | Item to look up | Description |
    | --- | --- |
    | Files | Click the paperclip icon, then locate and attach the files you want to look up. Note: By default, the Lookup Type for File is inactive. Files are converted and submitted as a hash value. |
    | URLs | In the URLs field, enter the URLs you want to look up, separated by commas. For example: www.abc.com,www.xyz.net. |
    | IP addresses | In the IP addresses field, enter the IP addresses you want to look up, separated by commas. |
    | Hash values | In the Hash values field, enter the hash values you want to look up, separated by commas. Note: When the Lookup Type for File is inactive, this value is the default action for both File and Hash values. |
  5. When you have made your selections, click Submit.
  6. To view the status and/or results of the lookups, navigate to Self-Service > My Requests.
  7. Click the SR number for the request.
    The work notes under Activity list the tasks performed during the lookup, including the creation of individual lookups for each file, hash value, URL, or IP address, and the lookup results.
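
The following added example (not part of the product or its documentation) sorts a raw list of indicators into the comma-separated values for the URLs, IP addresses, and Hash values fields in step 4. It sets aside entries that fit none of the fields, such as defanged indicators or URLs that contain a comma. The function names are hypothetical, and the accepted hash lengths (MD5, SHA-1, SHA-256) are an assumption.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Hex digest lengths of MD5, SHA-1 and SHA-256. Assumed set: the page does not
# say which hash types the configured lookup sources accept.
HASH_LENGTHS = {32, 40, 64}
HOST_RE = re.compile(r"^[a-z0-9-]+(?:\.[a-z0-9-]+)*\.[a-z]{2,}$", re.I)

def is_url(item):
    # A comma would split the value in a comma-separated form field.
    if "," in item or " " in item:
        return False
    host = ""
    try:
        host = urlsplit(item if "://" in item else "//" + item).hostname or ""
        ipaddress.ip_address(host)  # URL whose host is an IP literal
        return True
    except ValueError:  # host is not an IP, or the URL is unparsable
        return bool(HOST_RE.match(host))

def classify(item):
    """Return 'ip', 'hash', 'url', or None when the value fits no field."""
    try:
        ipaddress.ip_address(item)
        return "ip"
    except ValueError:
        pass
    if len(item) in HASH_LENGTHS and re.fullmatch(r"[0-9a-fA-F]+", item):
        return "hash"
    return "url" if is_url(item) else None

def build_fields(indicators):
    """Sort raw indicators into the three comma-separated field values."""
    fields, rejected, seen = {"url": [], "ip": [], "hash": []}, [], set()
    for raw in indicators:
        item = raw.strip()
        kind = classify(item)
        key = item.lower() if kind == "hash" else item  # hash case is irrelevant
        if not item or key in seen:
            continue
        seen.add(key)
        (fields[kind] if kind else rejected).append(item)
    return {k: ",".join(v) for k, v in fields.items()}, rejected

# Constructed sample input (www.abc.com is the page's own example).
SAMPLE = ["www.abc.com", "https://example.test/login?id=1", "192.0.2.10",
          "2001:db8::1", "D41D8CD98F00B204E9800998ECF8427E",
          "d41d8cd98f00b204e9800998ecf8427e", "hxxp://evil[.]test",
          "999.1.1.1", "http://example.test/a,b"]
```

Call `build_fields(SAMPLE)` to get the three field values and the list of rejected entries; review the rejected entries by hand before submitting the request.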