Filtering

Updated 3 months ago by Shimon Modi

You can use the Filter feature in TruSTAR Station to focus on data that matches specific criteria. You can filter directly to reports and IOCs or use filtering as part of a search.

Filtering

You can filter information by selecting specific enclaves or dates. For example, you can choose to only utilize two or three OSINT intelligences Sources rather than use all of them.

The number of selected filters per category is shown next to the category name; for example: Premium Intel Feeds (4) means that you have selected four of those enclaves and any other enclaves you have in that category are not being checked while you conduct an investigation.

Filtering Reports

You can filter Reports by these categories:

  • My Enclaves (private)
  • Premium Intelligence Sources
  • OSINT Intelligences Sources
  • Intel Researchers
  • Date Updated

Filtering IOCs

You can filter IOCs by these categories:

  • My Enclaves (private)
  • Premium Intelligence Sources
  • OSINT Intelligences Sources
  • Intel Researchers
  • Date Last Seen - select last seen date range for reports to show in results panel

For more information, see Filtering IOCs.

Filter State Persistence

Selected filters are automatically applied across all searches, IOCs and reports. If you select filters in any of the categories, the same filters is applied for all investigations from that point forward. For example, if you filter to show only EU-CERT intelligence in the Reports view, that filter will only show IOCs from EU-CERT and searches will only use the EU-CERT enclave.

If you are searching for a specific item and do not see expected results, you may need to check filters to see what enclaves you are searching through and what date ranges are being used.


How Did We Do?