Search for entities

  • Updated on Mar 5, 2025
  • Published on Jul 18, 2024

About Entity Search

The Entity Search allows you to search for various entities using different identifiers such as host names, user names, IP addresses, etc. over Hunters data. Use the Entity Search to find and visualize the presence of specific entities throughout the system. This will allow you to scope the entity’s involvement in incidents and understand its presence in the Hunters data.

The Entity Search tool is designed to provide in-depth and comprehensive results, including leads and stories the entity is involved in, as well as enrichments added to the entity as a result of the automatic investigation process. Additionally, when searching for host names, the Entity Search will present a complete list of events related to the searched host. To display this level of detail, the tracker is limited to a single entity at a time.

⚠️ Attention
The Event results are currently limited to hosts, with the bulk of the information arriving from EDRs.


Search for entities

To search for entities:

  1. From the Hunters platform menu, navigate to Investigation > Entity Profile.

  2. In the search bar, search for an entity by ID, name, address, etc.

💡Tip

Type text to find entities that contain it:

Searching

Will match

ric

Rich, Eric

       

Use quotes (") to find the exact text:

Searching

Will match

"rich"

Rich

Use asterisk (*) to match any part of the text:

Searching

Will match

r*c

Rich, Eric, Rachel

  1. Select the most relevant item from the suggested list of results. Note that suggestions are divided into different types of entities and that the total number of results is specified under the list.

💡Tip

Search for entities directly from a Lead or cluster by clicking on the entity name from the Lead details, and then selecting Investigate.

Investigate search results

Entity Search results are separated into 3 tabs, each providing the complete picture of the entity, depending on the type of information selected:

  • Leads and Stories - this tab displays all leads and stories involving the searched entity from the past 6 months.

  • Enrichments - this tab displays enrichments and other entities related to the searched entity from the past 6 months.

  • Events (only for hostnames) - this tab displays all events involving the searched entity (even those not part of a lead), from the selected time frame.

    📘Learn more

    Events are an elaborate topic which is covered in Explore entity events.

Leads and Stories

The Leads and Stories tab displays all leads and stories involving the searched entity from the past 6 months.

Leads are displayed in clusters, including the Cluster context, and can be triaged like any other leads straight from the search results page.

📘Learn more

  • Triaging leads

  • Triaging clusters

Stories are displayed with all relevant details, including score, Story timeline, layout options, and more. You can triage the story, assign it to a team member, add tags, and more.

Enrichments

The Enrichments tab displays 2 types of information:

  • Related entities - A list of all entities strongly correlated to the searched entity, based on findings from the Stories graph. In this section you can also explore an interactive network diagram, demonstrating the connection between the searched entity and the related entities. The searched entity appears in purple.


  • Drill-downs - Showing results of drill-downs that had this entity as an input from a recent lead.