Bulk Analyze

Validin designed the "Bulk Analyze" workflow to help researchers quickly identify patterns across large sets of indicators.

To begin the workflow, visit the "Bulk Analyze" page, type or copy/paste indicators into the search box, then click "Next."

NOTE: Validin will parse defanged and unstructured content out of indicators. Validin designed this workflow to make it easy to copy/paste from reports and other sources.

Adding defanged indicators to Bulk Analyze
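
To show what extracting defanged indicators from pasted report text involves, here is an added Python sketch; it is not Validin's parser or code from Validin. The refang patterns, function names, and sample text are assumptions constructed for illustration, and the sample uses only reserved documentation addresses and domains.

```python
import ipaddress
import re

# Common defanging conventions seen in reports (constructed, non-exhaustive list).
REFANG = [
    (re.compile(r"\[\s*://\s*\]"), "://"),
    (re.compile(r"\[\s*:\s*\]"), ":"),
    (re.compile(r"[\[({]\s*(?:\.|dot)\s*[\])}]", re.I), "."),
    (re.compile(r"\bhxxp(s?)", re.I), r"http\1"),
]
# Syntax check only: file names such as "report.pdf" would also pass.
DOMAIN = re.compile(r"(?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}")

def classify(token):
    """Return (type, value) for an IP address or domain, else None."""
    token = token.strip(".-").lower()
    # Try the token as-is, then with a trailing :port removed.
    for cand in (token, re.sub(r":\d+$", "", token)):
        try:
            ip = ipaddress.ip_address(cand)
            return ("ipv4" if ip.version == 4 else "ipv6", str(ip))
        except ValueError:
            if DOMAIN.fullmatch(cand):
                return ("domain", cand)
    return None

def extract_indicators(text):
    """Refang free-form text, then return unique typed indicators in order."""
    for pattern, repl in REFANG:
        text = pattern.sub(repl, text)
    seen, found = set(), []
    for token in re.findall(r"[A-Za-z0-9.:-]+", text):
        hit = classify(token)
        if hit and hit not in seen:
            seen.add(hit)
            found.append(hit)
    return found

# Constructed sample: documentation ranges and reserved example domains.
SAMPLE = """C2 observed at hxxps[://]login.example[.]com/panel and
203[.]0[.]113[.]7:8443 (also 203.0.113.7). Resolver: 2001:db8::53.
Second stage on cdn(dot)example[dot]net, build 10.0.0.256."""

if __name__ == "__main__":
    for kind, value in extract_indicators(SAMPLE):
        print(f"{kind:6} {value}")
```

The duplicate IPv4 address collapses to one entry, and `10.0.0.256` is dropped because it is neither a valid address nor a syntactically valid domain.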

Search Filters, Review Indicators

After clicking "Next," Validin parses the indicators you provided, determines the type, and annotates each extracted indicator with malware family, popularity, and additional context.

You may also customize bulk search options applied to each indicator at this stage. For example, you may narrow the search to:

  • Specific DNS association types
  • Specific answer ranges for IPv4 (A and PTR records), IPv6 (AAAA records), and domains (NS and PTR records)
  • Specific time ranges

Reviewing extracted indicators in Bulk Analyze

If you'd like to change the extracted indicators, click the "MAKE CHANGES" button. Otherwise, click the "SEARCH ALL" button to begin the bulk search.

Search Results

The search will take a variable amount of time depending on the number of indicators and search results in the output. Once finished, Validin will display search results in our standard table format. This table can be sorted and filtered by different columns to assist with understanding the timing and relationships of indicators in your starting set.

Bulk Analyze Results: Table View

As with Validin's other tables, you can click on different cells to open slideouts with additional annotations and context. You can also toggle between "table view" and "timeline view" to quickly identify patterns visually. The timeline view, combined with filtering and sorting, lets you compare and contrast indicators in a unified visual format.

Bulk Analyze Results: Timeline View - sorted and filtered.