Search Results
Once a hunt query is executed, the Results page displays all matched threat intelligence entries based on the selected indicator and search term. The returned findings are enriched with metadata to support prioritization and further investigation.
Each result represents a correlated threat signal found within the Inopli DRP database or across integrated external sources. The system aggregates and categorizes findings to streamline triage and decision-making.
Result Summary Overview
At the top of the Results screen, summary indicators are displayed:
Total Results – Total number of matching threat records
Search Time – Time taken to complete the query (in milliseconds)
Search Term – The query string used during the hunt
Result Table Fields
Each result row contains:
ID – Unique incremental identifier for visual sorting
Category – General threat category (e.g., Malware, Phishing, InfoStealer)
Type – Specific sub-type within the category (e.g., Ransomware, Email, Domain)
Values – IOC(s) matched against the hunt query (e.g., domain, email, hash)
Confidence – Estimated confidence level (e.g., 85%) based on correlation signals and source reliability
UUID – Internal unique identifier for traceability and pivoting
Threat Data – Origin scope of the intelligence (e.g., Global, Regional, Tenant-based)
Each result can be expanded or clicked to view full details, including the source, enrichment layers, relationship graph, and timestamps.

All search results can be exported in multiple formats to support external analysis, reporting, or archival. Supported formats include CSV for structured data handling, PDF for static reporting, and HTML for easy sharing or offline review. Exports preserve metadata such as confidence level, threat category, and UUID for traceability.
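As an added example (not Inopli's own code), the following Python triages an exported CSV by deduplicating on UUID, filtering on confidence, and grouping by category. It assumes the CSV header reuses the field names listed above and that confidence is exported as a percentage string such as 85%; the function names, the threshold of 70, and the sample rows are constructed for illustration.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Assumption: the CSV header reuses the field
# names from the result table; check a real export before relying on them.
SAMPLE_CSV = """\
ID,Category,Type,Values,Confidence,UUID,Threat Data
1,Phishing,Domain,login.example.test,85%,00000000-0000-4000-8000-000000000001,Global
2,Malware,Ransomware,constructed-hash-placeholder,92%,00000000-0000-4000-8000-000000000002,Regional
3,InfoStealer,Email,user@example.test,40%,00000000-0000-4000-8000-000000000003,Tenant-based
4,Phishing,Domain,login.example.test,85%,00000000-0000-4000-8000-000000000001,Global
5,Malware,Ransomware,files.example.test,,00000000-0000-4000-8000-000000000005,Global
"""


def parse_confidence(raw):
    """Return confidence as an int 0-100, or None if missing or malformed."""
    text = (raw or "").strip().rstrip("%").strip()
    try:
        value = float(text)
    except ValueError:
        return None
    return int(value) if 0 <= value <= 100 else None


def triage(csv_text, min_confidence=70):
    """Deduplicate rows by UUID, keep those at or above the threshold, and
    group them by category, highest confidence first. Rows whose confidence
    cannot be parsed are returned separately instead of silently dropped."""
    seen, queue, needs_review = set(), defaultdict(list), []
    for row in csv.DictReader(io.StringIO(csv_text)):
        uuid = row["UUID"].strip()
        if uuid in seen:  # same record exported twice
            continue
        seen.add(uuid)
        conf = parse_confidence(row.get("Confidence"))
        if conf is None:
            needs_review.append(uuid)
        elif conf >= min_confidence:
            queue[row["Category"]].append((conf, uuid, row["Values"], row["Threat Data"]))
    for items in queue.values():
        items.sort(reverse=True)
    return dict(queue), needs_review


if __name__ == "__main__":
    queue, needs_review = triage(SAMPLE_CSV)
    for category, items in queue.items():
        print(category, items)
    print("manual review:", needs_review)
```

Keeping the UUID in each queued tuple lets an analyst pivot from the offline triage list back to the full record in the platform.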