Search Filters
Use the following filters to search and locate specific threat data elements:
Filter | Definition |
Object Type | Choose from Indicator, Malware, Attack Pattern, Threat Actor, Campaign, Course of Action, Vulnerability, Identity, Infrastructure, Intrusion Set, Location, Malware Analysis, Observed Data, Opinion, Tool, Report, Custom Object, and Observable to filter by the required threat data type. |
IOC Type | Choose from the list of indicators to further narrow down the search. This filter is available for the Indicator object type. |
Source | Choose from the sources configured in CTIX to filter the threat data objects. CTIX shows the type of source with the source name to provide better visibility. For example, Bambenek (APIs), Kaspersky (Enrichment), and more. |
Source Type | Choose from the types of feed sources that you can configure in CTIX, such as STIX, APIs, RSS, and so on. |
Source Collections | Choose from all collections that are part of a feed source. |
Source Confidence | Choose High, Medium, Low, or None for the confidence that a feed source reported for this intel. |
Source Created Date* | Choose a date when the intel was created by a source. |
Source Modified Date* | Choose a date when the intel was modified by a source. |
Subscriber | Choose from the list of subscribers configured in CTIX. |
Subscriber Collections | Choose from the list of all subscriber collections defined in CTIX. |
Published Collections | Choose from the list of all published collections defined in CTIX. |
Source Type | Choose from the list of sources, such as STIX, RSS, API, Email, Web Scraper, and Twitter. |
Published Date* | Choose a date when the intel was published. |
System Created Date* | Choose a date when the intel was created in CTIX. |
System Modified Date* | Choose a date when the intel was modified in CTIX. |
TLP | Choose from the list of TLP values Red, Amber, Green, and Yellow. |
Valid From* | Choose a date from which the intel is valid. |
Valid Until* | Choose a date until which the intel is valid. |
Tags | Choose the tags applied to the threat data elements. On the Threat Data listing page, a maximum of 50 tags are displayed. To view the list of all applicable tags, check the details page of the threat data object. |
Analyst Score | The analyst score represents a score set by an analyst. Choose a range between 0 and 100 to filter objects by the analyst score. |
Analyst CVSS Score | The CVSS score is a scoring standard for vulnerabilities and can help in prioritizing their remediation. Set a minimum and maximum value between 1 and 10 to filter vulnerability objects. The score accepts up to two decimal places. |
First Seen* | Select a date that represents when the intel was first seen. |
Last Seen* | Select a date that represents when the intel was last seen. |
Manual Review | Select Yes or No. Based on your selection, the search window shows the threat data that has or has not been manually reviewed by an analyst. |
Indicators Allowed Status | List contains the status of allowed or blocked indicators. |
Action Medium | Select Manual or Rule to filter the objects that have any actions performed on them either manually or using a rule. |
Actioned By | Select the analyst who has performed actions on the threat data. |
Actioned On* | Select the date range between which any actions are performed on the threat data. |
Actioned Type | Select if the actions performed on the Threat Data are done manually or automated through Rules. |
Actioned App Type | Select if the actions on the Threat Data are performed in CTIX or by any other third-party application. |
Actioned App | List includes all the configured third-party applications in CTIX. |
Relation Type | List contains the relationships that can exist between Threat data elements as defined in STIX. |
Related Object | List contains all the Threat Data object types defined in CTIX. |
Has Relations | Select Yes or No to filter the objects that have relations with other threat data objects. |
Rules | Select from the list of rules defined in the platform to filter the results. |
Revoke Status | Select Yes or No to search for IOCs marked as revoked in the platform. |
Relation Created Date* | Select a start and end date and time range to search for relationships created between the set range. |
Relation Modified Date* | Select a start and end date and time range to search for relationships modified between the set range. |
Note
If you are a read-only user, your permissions across the platform are limited. As a result, you may not have access to certain Threat Data filters, depending on your assigned permission set. For example, if you do not have permission for Administrator > Integration Management > Feed Sources, you won't be able to view filters such as Source, Source Type, Source Collections, and more.
*For more information about dates in the platform, see General FAQs.