This topic describes the Search Threat Reports page.

The Search Threat Reports page is divided into three major sections:

  • The top section includes the following:

    • The Search field and button.

    • The Add Criteria button, which opens a Search Criteria page.

    • The Reset search terms button, which resets the search and removes any search criteria you have added.

    • The Actions menu, which applies to the entire page.

  • The middle section contains a series of filters that include the following:

    • Feed Name – A list of the short names (for example, “nvd” for National Vulnerability Database) of each feed that has produced a report, and the percentage of all reports that have been produced by each feed.

    • Feed Category – A list of feed categories and the percentage of all reports that each feed category produces. Categories can include:

      Open Source – For example, Tor or Malware Domain List.

      Partner – A member of the Carbon Black Threat Intel Partners.

      Carbon Black EDR first party – Feeds supplied directly from Carbon Black App Control or Carbon Black EDR products or services.

    • Report Score – A graph of the number of reports at different score levels.

    • Report Creation Time – A graph of the number of reports by creation date.

  • The Reports table shows details for reports that match the search criteria. You can sort the reports by severity, most recently updated, or most recently added.

The Search Threat Reports page presents the following report data:

  • Description – This column includes:

    • The name of the feed that provided the report

    • The name of the specific report

    • The time elapsed since the report was received

  • Indicators – The column includes the number of certain elements in the report that were identified as threats:

    • MD5s – the number of suspicious files matching the MD5 hash

    • SHA-256s – the number of suspicious files matching the SHA-256 hash

    • IPs – the number of suspicious IP addresses

    • Domains – the number of suspicious domains

    • Queries – the number of queries in the report; depending on the feed, this value might be empty.

  • Report Score – The threat score of this report. Report scores range from minus 100 to 100, with lower scores indicating a lower threat and higher scores indicating a higher threat. Threat scores are used in the calculation of alert severity.

  • Ignore – Ignore any future instances of this report, so that they do not trigger alerts. See Ignoring Future Reports.

  • Details link – Opens a Threat Report Details page for the report in this row. See Threat Report Details.