FAQ
Question
Answer
What browser can I use?
We recommend Firefox, Chrome, Safari or Microsoft Edge. Internet Explorer 11 is not supported in Heureka.
Why do some of my endpoints remain in a "Queued", "Searching" or "Collecting" state?
During the normal course of operation, you may execute a search that remains in a "queued", "searching" or "collecting" state. Day-to-day, endpoints will naturally transition into sleep mode, be shut down by the end user, or be off the network for whatever reason. When you select endpoint groups for a search, some endpoints may be offline and unavailable to perform the task, or may be shut down during the task itself. This is completely normal, and the more endpoints you have, the greater the chance that the state of the system will remain in queued, searching or collecting until an endpoint can complete the requested task.
The best method for checking the status of your endpoints is to look at the configuration > endpoints page and view the "Last Checked-in" column. This will give you a good indication as to whether your endpoint is actively communicating with Interrogate. You may find that an endpoint has been offline for some amount of time. If the owner of the endpoint is on vacation or perhaps traveling for work, it may be normal for it to be offline for days. If, however, an endpoint should be checking in with Interrogate, you may want to dive a bit deeper into why it is not communicating with Interrogate. See the Verifying Communications section below for more details.
How many default extensions are included with Heureka?
Over 3,800
How does the index work with email files such as PST or OST?
The Heureka endpoint indexing engine will open and index Microsoft PST and OST files as long as they are not locked by the operating system. In other words, on a Windows PC the PST or OST file will only get indexed if it is not actively open and being used by the end user of the system.
What container file types does Heureka support?
PST, OST and ZIP files are expanded and indexed. Other compressed file formats such as RAR are not supported at this time.
Can I index my cloud storage such as BOX, DROPBOX, ONEDRIVE, iCLOUD DRIVE, or GOOGLE DRIVE?
The current Heureka index engine will index any cloud storage that is mounted in your system. For example, if you have a Box or Dropbox folder where you can drag and drop files, the Heureka endpoint indexer will scan that mount point and index the contents as normal.
Will Heureka index removable drives such as a USB thumb drive or disk?
No. Today's indexing engine does not automatically scan and index removable media. The main reason is that if the system is called upon to collect from a removable drive, that drive may have been removed, leaving the collection permanently in the "Collecting" state.
Are there collection limitations?
Yes. The maximum file size is 100MB today. If you need to collect larger files, you may have to contact your IT department or the computer user to collect the information needed.
What type of credit cards are identified?
Visa, MasterCard, American Express, Discover, JCB, Diners Club
How does Heureka identify Social Security Numbers?
Heureka uses the following patterns to identify SS#'s: 123-45-6789
What is a hash value?
Hash values are like file "fingerprints". They are unique identification values for every file. Unlike fingerprints, however, there can be duplicate file hashes on the same system. For example, you may have the same file in a computer folder, on the desktop, in email or in the cloud. Heureka's endpoint service automatically creates a hash value for each file in a file system so that you have an opportunity to search by a hash value.
Heureka supports two different types of hash values, known as MD5 and SHA-1.
What is the difference between Visa 13 and Visa 16?
Visa cards normally contain 16 digits, however there are valid cards issued that contain 13 digits instead of 16. Interrogate automatically identifies and tags files as either Visa 13 (13 digits) or Visa 16 (16 digits).
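The following is an added example, not Heureka's own code, of how a content scanner can produce the Visa 13 / Visa 16 tags and the dashed SSN tag described above. The prefix rules and the Luhn checksum are assumptions about how such a tagger is typically built, only three of the listed brands are covered, and the sample text is constructed from published test card numbers.

```python
import re

# Runs of 13-16 digits, optionally split by single spaces or hyphens.
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,15}(?!\d)")
# SSN in the dashed form shown in the FAQ (123-45-6789).
SSN_RE = re.compile(r"(?<![\d-])\d{3}-\d{2}-\d{4}(?![\d-])")


def luhn_ok(digits):
    """Luhn check: double every second digit counting from the right."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def card_tag(digits):
    """Brand tag from prefix and length (assumed rules), or None."""
    n = len(digits)
    if digits[0] == "4" and n in (13, 16):
        return f"Visa {n}"
    if n == 16 and (51 <= int(digits[:2]) <= 55 or 2221 <= int(digits[:4]) <= 2720):
        return "MasterCard"
    if n == 15 and digits[:2] in ("34", "37"):
        return "American Express"
    return None


def tag_text(text):
    """Return the set of tags a file's extracted text would receive."""
    tags = set()
    for match in CARD_RE.finditer(text):
        digits = re.sub(r"[ -]", "", match.group())
        tag = card_tag(digits)
        if tag and luhn_ok(digits):  # Luhn drops random digit runs
            tags.add(tag)
    if SSN_RE.search(text):
        tags.add("SSN")
    return tags


# Constructed sample text using published test card numbers.
SAMPLE = "old card 4222222222222, new card 4111 1111 1111 1111, SSN 123-45-6789"

if __name__ == "__main__":
    print(sorted(tag_text(SAMPLE)))
```

A pattern match without a checksum tags any 16-digit order or tracking number that starts with 4, so expect more false positives from a tagger that skips the Luhn step.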
How do I import keyword, file name or hash lists?
Some use cases require more than one or two keywords, file names or hash values. When you want to import larger sets of data, you may create a text file containing the information you want to search for. For example, perhaps you want to search for many MD5 hash values associated with a particular malware. By creating a text file, you can import all of the hash values into a group at the same time. This is true for file names (don't forget the extension) as well as keywords.
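As an added example (not part of the product), the script below computes the MD5 and SHA-1 values discussed above and cleans a pasted indicator list before it is saved as a text file for import. The one-value-per-line layout and the `#` comment convention are assumptions, since this page does not specify the import file format, and the sample list is constructed.

```python
import hashlib
import re

HEX_LEN = {"md5": 32, "sha1": 40}


def file_hashes(path, chunk=1 << 20):
    """Return (md5, sha1) hex digests of a file, reading it in chunks."""
    md5, sha1 = hashlib.md5(), hashlib.sha1()
    with open(path, "rb") as fh:
        while block := fh.read(chunk):
            md5.update(block)
            sha1.update(block)
    return md5.hexdigest(), sha1.hexdigest()


def build_hash_list(raw_lines, algo="md5"):
    """Lowercase, length-check and de-duplicate hashes; return (good, rejected)."""
    pattern = re.compile(rf"[0-9a-f]{{{HEX_LEN[algo]}}}")
    good, rejected = [], []
    for line in raw_lines:
        value = line.strip().lower()
        if not value or value.startswith("#"):
            continue  # skip blanks and comment lines (assumed convention)
        if pattern.fullmatch(value):
            if value not in good:
                good.append(value)
        else:
            rejected.append(value)  # wrong length or non-hex: review by hand
    return good, rejected


# Constructed sample: the MD5 and SHA-1 of an empty file plus one junk line.
RAW = [
    "# constructed sample list",
    "D41D8CD98F00B204E9800998ECF8427E",
    "d41d8cd98f00b204e9800998ecf8427e ",
    "da39a3ee5e6b4b0d3255bfef95601890afd80709",
    "not-a-hash",
]

if __name__ == "__main__":
    good, rejected = build_hash_list(RAW, "md5")
    print("\n".join(good))  # one hash per line, ready to save as a .txt file
    print("rejected:", rejected)
```

Rejecting wrong-length values up front catches the common mistake of pasting SHA-1 values into an MD5 list, which would otherwise import cleanly and never match.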
How do I collect the files from my search results?
You will be provided FTP credentials with which you will be able to retrieve your files. You may use any FTP program, such as FileZilla, to download your collection. See Collect Files for more information.
How do I search for email attachment names?
Email attachment names are not indexed as normal file names but as normal text, and therefore should be searched using the Keyword Search function. For example, if you are searching for an Excel spreadsheet with the name Curve Sheet.xls, you will input your term as a keyword search in quotes. Example: "Curve Sheet.xls".
Can I search by a specific file path?
Yes. Heureka's search criteria page supports a full file path search. In fact, when users know where to look for information, Heureka highly suggests using this function as it reduces the amount of information returned to the interface.
What type of file actions can I perform?
Heureka supports three types of file actions: collect, quarantine and delete. Files can either be collected in native form with the full file path retained in the folder structure or they can be collected with our E-Discovery options. File quarantine first collects the native file, verifies the collection, then deletes the file on the endpoint and places a "stub" file in the original file path. File delete simply deletes the file from the endpoint.
Are there file delete limitations?
Yes. We do not delete files from containers such as OST, PST or Zip. For example, if there is a message file contained within a PST, Heureka will not delete the file from that container. Additionally, we do not delete files over 100MB in size.
Yes, the Heureka index engine automatically tags documents which may contain indexing exceptions. Common file exceptions include items such as encrypted or password-protected files as well as large files, end-of-file issues or OLE attachment problems. All tag exceptions can be searched on and reported within the system.
How often do endpoints check in with the console?
Endpoints check in each minute looking for a command.
How often does an endpoint update?
Each endpoint performs a nightly, incremental index of new or modified information. If a file has not changed, it is rapidly skipped by the indexing engine, making the nightly incremental index process very fast.
How are endpoints upgraded with new software?