Take action such as adding tags, expiring an indicator, using indicator relationships, and extracting and enriching indicators.
When investigating an indicator, you can see the following tabs:
Summary: View the verdict; enrich, expire, delete, and exclude the indicator; add relationships; view related incidents; and add comments. Add or remove tags, which can help classify known threats. For example, you may want to group specific malware indicators that are part of ransomware, a trojan, a loader, etc. In addition, Unit 42 Intel publishes tags.
Additional Details: Add or view any community notes for sharing and view custom details.
Unit 42 Intel: If the indicator is available in Unit 42, you can download the WildFire report and view related data.
If the indicator has been found in the Unit 42 database, you can view the following information, per indicator type:
| Indicator Type | Layout Sections |
| --- | --- |
| IP address | Verdict, Source, Relationships, PAN-DB Categorization, Passive DNS |
| URL | Verdict, Source, Relationships, PAN-DB Categorization, WHOIS |
| Domain | Verdict, Source, Relationships, PAN-DB Categorization, Passive DNS, WHOIS |
| File | Verdict, Source, Relationships, Summary, WildFire Analysis, Related Sessions & Submissions |