Search, Filter & Sort

Updated 2 weeks ago by Shimon Modi

The search, sort and filter features allow users to focus on a specific set of data that matches their criteria. Users can apply the filter and sort criteria directly to their Report and IOC lists or in conjunction with search.

With Search you can find IOCs and Reports that contain the keyword. Search returns results that have a complete match with the keyword. For partial term matches you can use a wildcard (*) at the start or end of the search term. After logging into TruSTAR you will see the search bar at the top of the application. You can use the Filter feature to apply enclave, date, tags and IOC type filters.

Click in the search box, type in the search term, and press enter. Results are separated by IOCs and Reports and you can see how many hits you got for each.

If you're interested in Advanced Search features and functionality, click here.

Filter

With this release, we have expanded the types of filters you can apply to Reports and IOCs. Because Reports and IOCs have different data elements, the types of filters for each are different.

Filter for Reports

You can filter Reports by the following:

  • My Enclaves (private) - select private enclaves to show in results panel
  • Closed Sources - select subscribed closed sources to show in results panel
  • Open Sources - select subscribed open sources to show in results panel
  • Intel Researchers - select all intel researcher enclaves to show in results panel
  • Date Updated - select last updated date range for reports to show in results panel

Filter for IOCs

You can filter IOCs by the following:

  • My Enclaves (private) - select private enclaves to show in results panel
  • Closed Sources - select subscribed closed sources to show in results panel
  • Open Sources - select subscribed open sources to show in results panel
  • Intel Researchers - select all intel researcher enclaves to show in results panel
  • Date Last Seen - select last seen date range for reports to show in results panel

Filter State Persistence

Selected filters will be persisted and applied across all Search, IOCs and Reports. When a user selects their filtering parameters in any of the categories (My Enclaves, Closed Sources, Open Sources, Intel Researchers, Date Last Seen), the same filter parameters will be applied when they move between Search, IOCs or Reports.

For example, if a user filters to view only the EU-CERT open source feed in the Reports view and then navigates to IOCs, that filter will still be persisted and only IOCs from the EU-CERT open source feed will be shown. Similarly, for a search, the search term will only be searched for in the filtered enclave (EU-CERT).

The number of selected filters per category is also shown next to the category name. For example, Closed Sources (4) means that 4 closed sources have been selected to be filtered against.

Users do not have to select apply filter for their filter selections to be applied. All filters are applied, and the new results displayed, just by selecting the filter.

Sort

Because Reports and IOCs have different data elements, the sort options are also different.

Sorting for Reports

You can sort Reports in four different ways:

  • Newest to Oldest Submitted: uses date when report was submitted.
  • Oldest to Newest Submitted: uses date when report was submitted.
  • Newest to Oldest Updated: uses date when report was last updated.
  • Oldest to Newest Updated: uses date when report was last updated.

Sorting for IOCs

You can sort IOCs in two ways:

  • Last Seen: uses date the IOC was last seen.
  • First Seen: uses date when IOC was first seen.

