The Search Criteria page is where you enter all of the criteria for a search. The criteria page is broken down into the following categories:
Service
Any endpoint may stand alone or be grouped with other endpoints. Previously created group names are displayed in the endpoint drop-down list. New groups may be created or edited using the gear icon at the end of the drop-down list. See Managing Groups
Content
Keywords may consist of a single word or a group of words. Previously created keyword groups can be found in the drop-down list, where they can be selected. See Managing Keywords
File
File Name
You may search by a specific file name or by a group of names. Previously created groups can be found in the drop-down list, where they can be selected. Once a group name is created, you can add individual file names or import a text file containing a list of file names.
File names must include the file extension.
Example: filename.pdf
See Managing Groups
File Owner
During the index phase, Interrogate automatically compiles a list of all available file owners. All available file owners are shown in the available grid. Previously created file owner groups can be found in the drop-down list, where they can be selected.
Hash
A file hash is similar to a human fingerprint: it is a unique identifier for each file on a system. Interrogate accepts MD5 or SHA-1 values. Interrogate is pre-populated with an extensive list of known malware Indicators of Compromise (IOCs), which may be selected in the drop-down list. All pre-populated IOCs contain valid MD5 or SHA-1 hash values. You may create your own hash groups by entering valid MD5 or SHA-1 values. You may also import text-based files containing the hash values you want.
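Before importing a hash list into a hash group, it is worth checking that every entry really is a well-formed MD5 or SHA-1 value, since a malformed line will never match anything. The following is an added example, not Interrogate's own code; it assumes an import file with one hash per line and optional "#" comments, and uses the well-known digests of empty input as constructed sample data.

```python
import re
from typing import Dict, List, Optional

# Interrogate accepts MD5 (32 hex chars) and SHA-1 (40 hex chars) values.
HASH_LENGTHS = {32: "MD5", 40: "SHA-1"}
HEX_RE = re.compile(r"^[0-9a-fA-F]+$")


def classify_hash(value: str) -> Optional[str]:
    """Return 'MD5' or 'SHA-1' for a well-formed hex digest, else None."""
    v = value.strip()
    if not HEX_RE.match(v):
        return None
    return HASH_LENGTHS.get(len(v))


def validate_hash_list(text: str) -> Dict[str, List[str]]:
    """Split an import file into accepted hashes (lower-cased, de-duplicated)
    and rejected lines. Blank lines and '#' comments are ignored."""
    accepted: List[str] = []
    rejected: List[str] = []
    seen = set()
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop trailing comment
        if not line:
            continue
        if classify_hash(line) is None:
            rejected.append(f"line {lineno}: {raw.strip()!r}")
            continue
        norm = line.lower()  # hex case does not change the value
        if norm not in seen:
            seen.add(norm)
            accepted.append(norm)
    return {"accepted": accepted, "rejected": rejected}


# Constructed sample import file (digests of empty input, not real indicators).
SAMPLE = """\
# constructed test list
d41d8cd98f00b204e9800998ecf8427e
DA39A3EE5E6B4B0D3255BFEF95601890AFD80709
D41D8CD98F00B204E9800998ECF8427E   # duplicate of line 2 in upper case
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855  # SHA-256: not accepted
not-a-hash
"""

if __name__ == "__main__":
    result = validate_hash_list(SAMPLE)
    print(f"{len(result['accepted'])} hashes ready to import")
    for entry in result["rejected"]:
        print("rejected:", entry)
```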
Extension
You may search any endpoint for files with specific extensions. Previously created extension groups can be found in the drop-down list, where they can be selected. Interrogate is pre-populated with over 3000 file extensions to search for and select from. The extension list appears once you create and name an extension group.
File Path
You may enter a file path in order to search a specified file location. This function is useful for explicit file paths on individual endpoints or file shares. Note: different operating systems use different path separators; Heureka's file path search works with either a forward slash (/) or a backslash (\). Currently you can enter only one path in the File Path line.
File Path example: you would like to search the folder named "Documents" on the desktop of Roger's Windows computer:
File Path: C:\Users\roger\Desktop\Documents
Folder Path
If you intentionally leave subfolders off your file path, the contents of all folders and subfolders below that path are returned in your search. For example, if there were a subfolder called "Sensitive" within Roger's Documents folder, its contents, as well as those of any other subfolders, would be returned in your search results.
Date
Start Date
You may select a start date to help narrow your results. You may type the start date or pick it from the built-in calendar.
End Date
You may select an end date to help narrow your results. You may type the end date or pick it from the built-in calendar.
Patterns (Tags)
During the index phase, the endpoint service automatically identifies Social Security number and major credit card number content. The Patterns quick filter section lets you filter directly to a specific type of pattern and return only the information requested. For example, if you want the system to return only credit card information, select your normal criteria and then check the "Credit Cards" checkbox in the pattern drop-down list. Only matched criteria containing credit cards will be returned by the search.
Deleted Files
During each index phase, the endpoint service keeps track of files that have been deleted on each endpoint. To be flagged as deleted in the system, a file must actually have been removed from the recycle or trash bin. Files that remain in the recycle or trash bin are identified as such in the local file path column of the results grid.
By default, deleted files are NOT returned by a search. You must specifically select the deleted files flag in Quick Filters in order to view deleted files.
If selected, deleted files show a deleted flag on the results page.