Filter and Refine Panel

Updated 1 week ago by Elvis Hovor

The Filter and Refine panel, available when working with reports or IOCs, is where you can select which enclaves to use and also which third-party intelligence sources to use. You may need to scroll within the panel to see all options available to you.

You can filter information by selecting specific enclaves or dates. For example, you can choose to use only two or three OSINT intelligence sources rather than all of them.

Using the Filter and Refine Panel

Use the arrows in the top right corner of a section to expand or hide that section. To select an individual item, click it; a checkmark appears to its right, indicating that it is now selected. To select all items in a section, click Select All; click it again to deselect everything in that section.

The number of selected filters per category is shown next to the category name; for example: Premium Intel Feeds (4) means that you have selected four of those enclaves and any other enclaves you have in that category are not being checked while you conduct an investigation.

To clear all filters, click the Reset to Default Filters button at the bottom of the panel.

Filter Persistence

Selected filters are automatically applied across all searches, IOCs and reports. If you select filters in any of the categories, the same filters are applied to all investigations from that point forward. For example, if you filter to show only EU-CERT intelligence in the Reports view, only IOCs from EU-CERT will be shown and searches will only use the EU-CERT enclave.

If you are searching for a specific item and do not see expected results, you may need to check filters to see what enclaves you are searching through and what date ranges are being used.

Available Filters

The table below lists the types of filters in this panel.

| Filter | Description |
| --- | --- |
| My Enclaves | Lists the enclaves, both private and shared, that you can access with your account credentials. This list does not include any third-party enclaves (Premium Intel, Open Sources, or Intel Researchers). |
| Premium Intel | Third-party intelligence sources that require a subscription to access and use. |
| Open Sources | Third-party sources that are open to all users. |
| Intel Researchers | A curated list of key cyber-intelligence researchers available to all users. |
| Tags | Displays tags you can use to filter data. Use the search bar at the top of the section to find and select relevant tags. |
| MITRE ATT&CK | Displays tags for MITRE ATT&CK. Use the search bar at the top of the section to find and select relevant tags. Link: Information on the MITRE ATT&CK platform. |
| Date Last Seen (Reports) / Date Last Seen (IOCs) | The date range to filter on, anywhere from one day to all available dates (Max). |
| IOC Type | When working with IOCs, you can choose which types of IOCs to filter out. |
