Filter and Refine Panel
The Filter and Refine panel, available when working with reports or IOCs, is where you can select which enclaves to use and also which third-party intelligence sources to use. You may need to scroll within the panel to see all options available to you.
You can filter information by selecting specific enclaves or dates. For example, you can choose to only utilize two or three OSINT intelligences Sources rather than use all of them.
Using the Filter And Refine Panel
Use the arrows on the top right corner of a section to expand or hide that section. To select all items in a section, click Select All. To select individual items, click on the item and you will see a checkmark appear to the right, indicated it is now a selected item. You can select all the items in a section by clicking Select All, or click it again to deselect everything in that section.
The number of selected filters per category is shown next to the category name; for example: Premium Intel Feeds (4) means that you have selected four of those enclaves and any other enclaves you have in that category are not being checked while you conduct an investigation.
To clear all filters, click the Reset to Default Filters button at the bottom of the panel.
Selected filters are automatically applied across all searches, IOCs and reports. If you select filters in any of the categories, the same filters is applied for all investigations from that point forward. For example, if you filter to show only EU-CERT intelligence in the Reports view, that filter will only show IOCs from EU-CERT and searches will only use the EU-CERT enclave.
The table below lists the types of filters in this panel.
Lists the enclaves, both private and shared that you can access with your account credentials. This list does not include any third-party enclaves (Premium Intel, Open Sources, or Intel Researchers).
Third-party intelligence sources that require a subscription to access and use.
Third-party sources that are open to all users.
A curated list of key cyber-intelligence researchers available to all users.
Displays tags you can use to filter data. Use the search bar at the top of the section to find and select relevant tags.
Displays tags for MITRE ATT&CK. Use the search bar at the top of the section to find and select relevant tags. Link: Information on the MITRE ATT&CK platform.
Date Last Seen (Reports)
Date Last Seen (IOCs)
The date range to filter on, anywhere from one day to all available dates (Max).
When working with IOCs, you can choose which types of IOCs to filter out.