Using the Filter and Refine Panel
The Filter and Refine panel is available when you are working with Intel Reports or Indicators. It enables you to select which Enclaves to use and also which Intelligence Sources to use. You may need to scroll down to see all options available to you in the panel.
You can filter information by selecting specific Enclaves or dates. For example, you can choose to only utilize two or three Open Source intelligence (OSINT) Sources rather than use all of them.
Using the Filter And Refine Panel
Use the arrows on the top right corner of a section to expand or hide that section. To select all items in a section, click Select All. To select individual items, click on the item and you will see a checkmark appear to the right, indicated it is now a selected item. You can select all the items in a section by clicking Select All, or click it again to deselect everything in that section.
The number of selected filters per category is shown next to the category name; for example: Premium Intel Feeds (4) means that you have selected four Premium Intelligence enclaves and all other Enclaves you have access to in that category will not be used while you conduct the current investigation.
To clear all filters, click the Reset to Default Filters button at the bottom of the panel.
Selected filters are automatically applied across all searches, Intel Reports and Indicators. If you select filters in any of the categories, the same filters are applied for all investigations from that point forward. For example, if you filter to show only EU-CERT intelligence in the Reports view, your work going forward will show only Intel Reports and Indicators from EU-CERT and searches will only use the EU-CERT Enclave.
The table below lists the types of filters in this panel.
Lists the Enclaves that you own or that have been shared with you by others.
External intelligence sources that require a subscription to access and use. These include Premium Intelligence and Open Sources.
Open Sources (OSINT)
External intelligence sources that are free to all users. You may need to register with a specific organization to gain access to an enclave.
Displays tags you can use to filter data using 'AND' logic. Use the search bar at the top of the section to find and select relevant tags.
Displays tags for MITRE ATT&CK. Use the search bar at the top of the section to find and select relevant tags.
Link: Information on using MITRE ATT&CK platform and tags.
Date Last Seen (Reports)
Date Last Seen (Indicators)
The date range to filter on, anywhere from one day to all available dates (Max). Max date range is defined as Epoch milliseconds format which goes as far back as Jan. 1st, 1970.
When working with Indicators, you can choose which types to filter out.