Find a Job

Search for a job in TheHive to locate tasks initiated by Cortex to run analyzers on observables.

Can't find a job?

5.5 Platinum Case visibility can be restricted to protect sensitive data. If you aren't an authorized user, its linked observables and any jobs launched on those observables won't appear in the list, search results, or dashboards.

Method 1: Search bar

5.6

Simple searches for one or more jobs without requiring simultaneous actions.

1. In the search bar at the top of the page, enter your search text.

   

   Wildcard character

   You can use the wildcard character * to broaden your searches.

   The wildcard character acts as a placeholder that matches zero or more characters, helping you find variations of a term or incomplete information.

   Examples of use cases:

   • Email domains: Entering *@gmail.com returns entities containing the gmail.com domain.
   • IP subnets: Entering 192.168.*.* returns entities with IP addresses in the 192.168.x.x subnet.
   • URLs: Entering https://malwaredomain.com/* returns entities hosted under the malwaredomain.com directory.

   Other advanced search options, such as Boolean and phrase searches, aren't currently supported.

   Case sensitivity

   Partial-word searches and filters are case sensitive in Elasticsearch, so capitalization matters.

2. Select a result from the list, or choose All results to view the full set of matches.

Refine results

The search bar searches across all element types—cases, alerts, observables, tasks, task logs, and jobs. It also doesn't support filters.

Use the Global Search feature when you need to refine results more precisely.

---

Method 2: Global Search feature

If you need to conduct advanced searches for one or more jobs without requiring simultaneous actions.

1. Go to the Global Search view from the sidebar menu.

   

2. Select the Jobs item on the Search scope pane.

   

   All elements

   Select the All elements item for a comprehensive tool-wide overview that includes all entity types, such as cases, alerts, observables, jobs, tasks, and task logs. Use this option to analyze cross-linked information or to conduct a detailed investigation.

3. Enter the keywords you want to search for in the search box displayed by default.

   Wildcard character

   You can use the wildcard character * to broaden your searches.

   The wildcard character acts as a placeholder that matches zero or more characters, helping you find variations of a term or incomplete information.

   Examples of use cases:

   • Email domains: Entering *@gmail.com returns entities containing the gmail.com domain.
   • IP subnets: Entering 192.168.*.* returns entities with IP addresses in the 192.168.x.x subnet.
   • URLs: Entering https://malwaredomain.com/* returns entities hosted under the malwaredomain.com directory.

   Other advanced search options, such as Boolean and phrase searches, aren't currently supported.

   Unindexed fields

   The workerDefinition field and the operations[] array aren't indexed for search.

   Case sensitivity

   Partial-word searches and filters are case sensitive in Elasticsearch, so capitalization matters.

4. To refine results, select Add new filter and choose one or more filters.

   Filters narrow your search results and work like the AND operator in a Boolean search.

   Required filters

   Filters are mandatory for certain fields to ensure the search engine interprets values correctly:

   • Fields with specific date formats
   • Custom fields

5. Based on your inputs, a list of results appears.

You can view up to 300 results per page and navigate through them using Previous and Next.

Next steps

• Run Analyzers and Review Reports for an Observable
• Run Responders and Review Reports for an Observable
• Run Responders and Review Reports for a Case