The Search tab in the Managed Threat Hunting (MTH) portal provides the ability to locate cases and entities. To access the Search tab, click MTH Portal in the top-right of OneView, then click Search. Use the search and filter functions to specify your search for a specific case or entity.
Search for open or closed cases from the past 30 days. When searching for cases, use the syntax Field Name:Search Phrase. See the table below for examples:
|AlertName:||AlertName:SUSPICIOUS PHISHING EMAIL|
Click on the ID in the search results to open the case details in a new browser tab.
An entity is identified as an endpoint, username, or indicator of compromise. When searching for an entity, enter the hostname, user name, malicious URL, file hash, or file name.
The result displays whether the entity is risky and in which cases the entity appears. Click on the entity to view the entity details in another browser tab.
Return to Managed Threat Hunting.