The Search tab in the Managed Detection and Response (MDR) portal provides the ability to locate cases and entities.
To access the Search tab, click MDR Portal in the top-right of Nebula, then click Search.
Use the search and filter functions to narrow your search to a specific case or entity.
Search for open or closed cases from the past 30 days. When searching for cases, use the syntax Field Name:Search Phrase. See the table below for examples:
| Field Name | Example |
|---|---|
| AlertName: | AlertName:SUSPICIOUS PHISHING EMAIL |
Click on the ID in the search results to open the case details in a new browser tab.
An entity is an endpoint, username, or indicator of compromise. When searching for an entity, enter the host name, username, malicious URL, file hash, or file name.
The result displays whether the entity is risky and which cases the entity appears in. Click on the entity to view the entity details in another browser tab.