Using host index to identify malicious IPs
Host indexing allows users to quickly look up IP addresses seen on the network, making it ideal for monitoring hosts that have exhibited anomalous or suspicious behavior.
Workflow
To search the host index for malicious IP addresses:
1. Navigate to Explore > Search in the web interface.
2. In the Host Index subtab, use the dropdown to switch to Multiple search mode.
3. Paste the comma-separated list of IoC (indicator of compromise) IP addresses into the field.
4. Review the traffic direction, byte counts, and first/last seen details for each host and, if necessary:
   - Click on the hostname/IP to view additional traffic and alarm information associated with the host.
   - Run a report filtered on the host by clicking the data source and selecting a report from the tray.
Hint
If further investigation is required, continue to refine the report configuration as needed.
See also
To learn more about configuring and refining reports, see this use case.
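The Multiple search mode step above expects a clean comma-separated list, while IoC feeds usually arrive defanged, duplicated, or with ports and URL paths attached. The following is an added example, not part of the product or its documentation, that normalizes such a feed into a list ready to paste. The function names and the sample feed are assumptions made for illustration, and the sample addresses are constructed from documentation ranges.

```python
import ipaddress
import re

# Constructed sample feed: defanged entries, a comment, a duplicate, a port
# suffix, a defanged URL and one invalid value (documentation-range addresses).
SAMPLE_FEED = """\
# constructed IoC feed, not real indicators
203.0.113[.]10
198.51.100.7:8443
203.0.113.10
hxxp://192.0.2[.]55/payload
999.1.1.1
"""

def refang(token):
    """Undo common defanging: [.] (.) [:] and hxxp."""
    token = re.sub(r"[\[\(]\.[\]\)]", ".", token)
    token = token.replace("[:]", ":")
    return re.sub(r"^hxxp", "http", token, flags=re.I)

def extract_ip(token):
    """Return a normalized IP string from one feed entry, or None."""
    token = refang(token.strip())
    token = re.sub(r"^[a-z]+://", "", token, flags=re.I)  # drop URL scheme
    token = token.split("/", 1)[0]                         # drop URL path
    candidates = [token]
    if token.count(":") == 1:                              # IPv4:port form
        candidates.append(token.split(":", 1)[0])
    for cand in candidates:
        try:
            return str(ipaddress.ip_address(cand))
        except ValueError:
            pass
    return None

def build_search_list(feed_text):
    """Return (comma_separated_ips, rejected_entries) for a raw feed."""
    seen, rejected = [], []
    for line in feed_text.splitlines():
        entries = re.split(r"[,\s]+", line.split("#", 1)[0])  # strip comments
        for token in filter(None, entries):
            ip = extract_ip(token)
            if ip is None:
                rejected.append(token)   # keep for manual review
            elif ip not in seen:
                seen.append(ip)          # de-duplicate, preserve feed order
    return ",".join(seen), rejected

if __name__ == "__main__":
    print(build_search_list(SAMPLE_FEED))
```

Entries returned in the rejected list did not parse as IP addresses and should be reviewed by hand rather than pasted into the search field.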