Skip to main content
Affinity/Documentation
Español

Getting Started

  • What is Affinity
  • Sign In
  • Your First 15 Minutes
  • Navigation Map

Integrations (Admin)

  • Integration List
  • Create Integration
  • Start Ingestion
  • Secrets

Logs (Analyst)

  • Overview
  • SQL Queries
  • Search & Export
  • Analytics Mode
  • Share Queries
  • Create Rule from Logs

Alerts (Analyst)

  • List & Filters
  • Details & Management
  • Full View

Detection & Notifications (Admin)

  • Detection Rules
  • Notification Channels

Incident Response (Analyst)

  • Extract IOCs
  • Query IOCs in Logs
  • Export Results

Usage Analytics

  • Ingestion Metrics

Administration

  • User Management

Troubleshooting

  • Common Issues

Reference

  • Glossary
  • Integration Catalog
  • FAQ
  • Step-by-Step Guides

IOC Analysis

Analyst15 min

Route: `/incident-response` — Title: **INCIDENT RESPONSE**

Respond faster. Paste logs, extract IOCs automatically, enrich indicators, and hunt them across your infrastructure — without switching tools.

What it's for

Extract and analyze indicators of compromise (IOCs) from text, files, or session history.

Steps

  1. Go to INCIDENT RESPONSE.
  2. Text Input tab.
  3. Paste data in the area (placeholder: `Paste your log data, security alerts, or any text containing IOCs here...`).
  4. (Optional) Load Example to test.
  5. Click Extract IOCs or Analyze IOCs (shows Analyzing...).
  6. Review cards: `Total IOCs`, `Threat Level`, `IOC Breakdown`.
  7. Select IOCs and click Query Selected in Logs.
  8. Security Logs drawer opens with results.

Expected result

  • IOCs extracted and classified by type.
  • Direct log query access from selected IOCs.

Tips

  • Tabs: Text Input, File Upload, History (`Session History`, `Click to load`).
  • IOC types: `IPv4`, `Domain`, `Email`, `URL`, `MD5`, `SHA256`.
  • From Logs (Analytics mode): Back to Analytics button goes to `/logs`.

See also

  • Query IOCs in Logs
  • Analytics Mode
Previous

Notification Channels

Next

Query IOCs in Logs