Skip to main content
Affinity/Documentation
Español

Getting Started

  • What is Affinity
  • Sign In
  • Your First 15 Minutes
  • Navigation Map

Integrations (Admin)

  • Integration List
  • Create Integration
  • Start Ingestion
  • Secrets

Logs (Analyst)

  • Overview
  • SQL Queries
  • Search & Export
  • Analytics Mode
  • Share Queries
  • Create Rule from Logs

Alerts (Analyst)

  • List & Filters
  • Details & Management
  • Full View

Detection & Notifications (Admin)

  • Detection Rules
  • Notification Channels

Incident Response (Analyst)

  • Extract IOCs
  • Query IOCs in Logs
  • Export Results

Usage Analytics

  • Ingestion Metrics

Administration

  • User Management

Troubleshooting

  • Common Issues

Reference

  • Glossary
  • Integration Catalog
  • FAQ
  • Step-by-Step Guides

Query IOCs in Logs

Analyst10 min

What it's for

Expand the investigation by searching extracted IOCs across your entire log infrastructure.

Steps

  1. After extracting IOCs, select relevant indicators in the results list.
  2. Click Query Selected in Logs.
  3. Review results in the Security Logs drawer.
  4. From there you can go deeper with filters, export, or send more context to investigation.

Expected result

  • Log events containing or relating to the selected IOCs.

Tips

  • Combine multiple IOCs to understand the full scope of the incident.
  • Use Back to Analytics if you came from the Logs investigation flow.

See also

  • SQL Queries
  • Extract IOCs
Previous

Extract IOCs

Next

Export Results