Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1428
Views
0
Helpful
0
Replies

IoC Scan Results - How do you accurately find what was detected?

RyanMcGuire33401
Level 1
Level 1

‎08-25-2021 06:27 AM

I found a previous post showing how to hit the "View Source" button to pull up highlighted portions of the IOC that were supposedly discovered in the scan.  However, this seems to be inaccurate.  Here is an example...

 

 

psiphon3_IOC.png

 

 

So the highlighted items are supposed to be what was found in the scan, right?  If I search for any of these hashes, I get no results.  Keep in mind this scan was done to a group and got over a thousand hits.  Yet a search of the hashes it's highlighted returns no results?

 

image.png

 

Am I missing something?  Shouldn't there be a simple report indicating exactly what file was detected?  Not only that, but why is it indicating matches on hashes that can't be found anywhere?

 

Thank you for your time.

0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents