What would allow you to quickly generate a graphical view of Indicator of Compromise (IOC)...

Within the suite of Search and Investigation Tools , the Indicator graph is a powerful visualization feature designed to uncover the relationships between different malicious artifacts. While a "Process tree view" shows the parent-child execution lineage on a single host, the Indicator graph provides a multi-dimensional, global view of how a specific Indicator of Compromise (IOC)—such as a file hash (MD5/SHA256), a domain, or an IP address—is connected to other entities across the entire environment.

For a hunter, this graphical view is invaluable for identifying the "blast radius" of a threat. If a malicious file is loaded, the Indicator graph can visually map out every host that has seen that hash, any network connections that process made, and any other files dropped by that process. It essentially "connects the dots" by showing a spider-web of activity. This allows for rapid identification of lateral movement or shared infrastructure used by an adversary. Instead of manually correlating lists of hashes and IPs, the hunter can see the entire campaign structure at a glance. This tool is critical during the "Scoping" phase of an incident, as it helps ensure that no part of the attacker's infrastructure is missed during the remediation process, providing a much broader context than a standard flat search.