Create a Saved Search
CTIX enables analysts to save frequently searched threat data elements and CQL queries. Saving a search lets you return to the target results quickly. You can also share a saved search globally so that other users can directly access the same results.
Before You Start
Ensure that you have the View Threat Data permission to view the Threat Data module and create saved searches.
Steps
To create a saved search, do the following:
Create a saved search using filters.
Create a saved search using CQL queries.
Manage a saved search.
Create a Saved Search Using Filters
Create a saved search using filters, such as the object type, source, source collections, published collections, created on, TLP, tags, and more.
To create a saved search using filters, do the following:
From Main Menu, open Threat Data under Collection.
Select Filters on the right side of the page.
Select from the required filter types on the left side of the page.
Click Save Search and enter a title.
To make the saved search available to everyone, select Share it globally.
Click Save.
Create a Saved Search Using CQL Queries
Create a saved search by writing CQL queries to analyze huge volumes of data efficiently and obtain faster results.
To create a saved search using CQL queries, do the following:
From Main Menu, open Threat Data under Collection.
Select CQL on the right side of the page.
Place the cursor in the search bar and enter a CQL query.
For example, to search for indicators coming from import, enter the following query:
'Object Type' = "Indicator" AND 'Source' = "Import"
For more information, refer to Cyware Query Language (CQL) and Learn CQL Syntax.
Click search, and then click Save Search on the right side of the page.
To create a new search, select Create New and enter a title.
To overwrite an existing saved search, select Overwrite Existing and enter a title.
To make the saved search available to everyone, select Share it globally.
Note
Read-only users can only create private saved search queries and cannot share them with other CTIX users.
Click Save.
Manage a Saved Search
To manage a saved search, do the following:
From Main Menu, open Threat Data under Collection.
Click Switch To Saved Search on the left side of the page.
Click the ellipsis (...) of the saved search, and choose from the following:
To rename the saved search, click Rename.
To delete a saved search, click Remove.
To make the search available for everyone, select Share it globally.
Note
Read-only users can only create private saved search queries and cannot share them with other CTIX users.
To pin the search, click the pin.