How to Find a Job#
This topic provides step-by-step instructions for searching a job in TheHive.
A job is a task initiated by Cortex to run an analyzer on an observable.
Procedure#
-
Go to the Global Search view from the sidebar menu.
-
Select the Jobs item on the Search scope pane.
All elements
Select the All elements item for a comprehensive tool-wide overview that includes all entity types, such as cases, alerts, observables, jobs, tasks, and task logs. Use this option to analyze cross-linked information or to conduct a detailed investigation.
-
Enter the keywords you want to search for in the search box displayed by default.
Wildcard character
You can use the wildcard character * to broaden your searches since version 5.4.7.
The wildcard character acts as a placeholder that matches zero or more characters, helping you find variations of a term or incomplete information.
Examples of use cases:
- Email domains: Entering *@gmail.com will return entities containing the gmail.com domain.
- IP subnets: Entering 192.168.*.* will return entities with IP addresses in the 192.168.x.x subnet.
- URLs: Entering https://malwaredomain.com/* will return entities hosted under the malwaredomain.com directory.Other advanced search options, such as Boolean and phrase searches, are not currently supported.
Warning
The
workerDefinitionfield and theoperations[]array aren't indexed for search. -
If you need additional filters, apply one or more filters by selecting Add new filter.
These filters refine your search results and act as an equivalent to the AND operator in Boolean search.
Warning
Filters are required for the following fields to ensure the search engine accurately interprets values:
- Fields with specific date formats
- Custom fields -
Based on your inputs, a list of results appears.
You can view up to 300 results per page and navigate through them using Previous and Next.