Kaspersky CyberTrace

About the search request history

27 February 2024

ID 183381

This section describes the search request history that is displayed on every threat search page.

Storing the search requests

When a search is performed by using Kaspersky CyberTrace Web, information about it is stored in the history. The log file itself is not stored when a log file search is performed, only strings from the log file that contained detected indicators are stored; also, the file itself is not stored when a file hash search is performed.

For each authenticated user, the CyberTrace HTTP service stores the following amount of information:

  • Last 1000 indicator search requests made in the last three months.
  • Last 1000 log file search requests made in the last three months.
  • Last 1000 file hash search requests made in the last three months.

Displaying the search request history

Every search page contains a form with the request history. The request history form contains requests of the corresponding search request type:

  • Single indicator search request
  • Log file search request
  • File hash search request

If you have signed in as an administrator, the search request history of all users is available; otherwise, only the current user's search request history is available.

The search requests are displayed from the last to the first. The active page contains up to 20 search requests. If there are more than 20 search requests available, you can display others by using the navigation controls.

You can specify the period during which the search requests to display were made:

  • Last hour
  • Last day
  • Last week
  • Last month (30 days)
  • Last 3 months (91 days)
  • Arbitrary period

Single indicator search request history

Single indicator search request history in CyberTrace.

Single indicator search request history

The form with the history of single indicator search requests displays the following data:

  • The search result

    It is Detected if the indicator is detected one or more times, Not detected if the indicator is not detected, or Canceled if the search operation was canceled.

    This information is displayed in the Status column.

  • Date of request in the format yyyy-mm-dd HH:MM:SS

    For example, 2012-12-31 23:58:25.

    This information is displayed in the Date column.

  • Name of the user who performed the search request

    This information is displayed in the User column and can be seen only by administrators.

  • Indicator that was searched for

    This information is displayed in the Search string column.

For a search operation that was not canceled, if you select an indicator, the full search result and the button for exporting the search result are displayed.

Log file search request history

Log file search request history in CyberTrace.

Log file search request history

The form with the history of log file search requests displays the following data:

  • The search result

    It is Detected if indicators in the log file are detected one or more times, Not detected if no indicator is detected, or Canceled if the search operation was canceled.

    This information is displayed in the Status column.

  • Date of request in the format yyyy-mm-dd HH:MM:SS

    For example, 2012-12-31 23:58:25.

    This information is displayed in the Date column.

  • Name of the user who performed the search request

    This information is displayed in the User column and can be seen only by administrators.

  • Log file in which the indicators were searched for

    This information is displayed in the Log file column.

For a search operation that was not canceled, if you select a row in the table, the full search result and the button for exporting the search result are displayed.

File hash search request history

File hash search request history in CyberTrace.

File hash search request history

The form with the history of file hash search requests displays the following data:

  • The search result

    It is Detected if the file hash is detected one or more times, Not detected if the file hash is not detected, or Canceled if the search operation was canceled.

    This information is displayed in the Status column.

  • Date of request in the format yyyy-mm-dd HH:MM:SS

    For example, 2012-12-31 23:58:25.

    This information is displayed in the Date column.

  • Name of the user that performed the search request

    This information is displayed in the User column and can be seen only by administrators.

  • Name of the file whose hash was searched for

    This information is displayed in the File column.

  • File hash that was searched for

    This information is displayed in the Checksum column.

For a search operation that was not canceled, selecting a file hash will display the full search result and the button for exporting the search result.

Did you find this article helpful?
What can we do better?
Thank you for your feedback! You're helping us improve.
Thank you for your feedback! You're helping us improve.