Cyware Threat Intelligence eXchange

Search Filters

Use the following filters to search and locate specific threat data elements:

Filter

Definition

Object Type

Choose from Indicator, Malware, Attack Pattern, Threat Actor, Campaign, Course of Action, Vulnerability, Identity, Infrastructure, Intrusion set, Location, Malware Analysis, Observed Data, Opinion, Tool, Report, Custom Object, Grouping and Observable, to filter the required threat data type.

IOC Type

Choose from the list of indicators or observables to further narrow down the search. This filter is available for both the Indicator and Observable object types.

Source

Choose from the sources configured in CTIX to filter the threat data objects. CTIX shows the type of source with the source name to provide better visibility. For example, Bambenek (APIs), Kaspersky (Enrichment), and more.

Source Type

Choose from the types of feed sources that you can configure in CTIX, such as STIX, APIs, RSS, and so on.

Source Collections

Choose from all collections that are part of a feed source.

Source Confidence

Choose High, Medium, Low, or None for the confidence reported for this intel by a feed source.

Source Confidence Value

Specify minimum and maximum values to filter threat objects based on their source confidence level. The source confidence value ranges from 0 to 100, with 0 indicating non-malicious data and 100 representing highly malicious data.

Source Created Date*

Choose a date when the intel was created by a source.

Source Modified Date*

Choose a date when the intel was modified by a source.

Published Collections

Choose from the list of all published collections defined in CTIX.

System Created Date*

Choose a date when the intel was created in CTIX.

System Modified Date*

Choose a date when the intel was modified in CTIX.

Risk Score

Specify minimum and maximum values to filter threat indicators based on their risk level. The risk score, ranging from 0 to 100, represents the associated risk, with 100 indicating highly malicious activity and 0 indicating non-malicious activity.

TLP

Choose from the list of TLP values: Red, Amber, Amber+Strict, Green, and Yellow.

Valid From*

Choose the date from which the intel is valid.

Valid Until*

Choose a date until which the intel is valid.

Tags

Choose the tags applied to the threat data elements. On the Threat Data listing page, a maximum of 50 tags are displayed. To view the list of all applicable tags, check the details page of the threat data object.

Analyst Score

The analyst score represents a score set by an analyst. Choose a range between 0 and 100 to filter objects by the analyst score.

Analyst CVSS Score

The CVSS score is a scoring standard for vulnerabilities and can help in prioritizing their remediation. Set a minimum and maximum value between 1 and 10 to filter vulnerability objects. You can specify up to two decimal places for this score.

Subscriber Collections

Choose from the list of all subscriber collections defined in CTIX.

Source Type

Choose from the list of sources, such as STIX, RSS, API, Email, Web Scrapper, and Twitter.

Published Date*

Choose a date when the intel was published.

First Seen*

Select a date that represents when the intel was first seen.

Last Seen*

Select a date that represents when the intel was last seen.

Manual Review

List contains Yes or No. Based on your selection, the search window shows the threat data that has or has not been manually reviewed by an analyst.

Indicators Allowed Status

List contains the status of allowed indicators.

Action Medium

Select Manual or Rule to filter the objects that have had actions performed on them either manually or by a rule.

Actioned By

Select the analyst who performed actions on the threat data.

Actioned On*

Select the date range within which actions were performed on the threat data.

Actioned Type

Select whether the actions performed on the Threat Data were done manually or automated through Rules.

Actioned App Type

Select whether the actions on the Threat Data were performed in CTIX or by a third-party application.

Actioned App

List includes all the configured third-party applications in CTIX.

Relation Type

List contains the relationships that can exist between Threat data elements as defined in STIX.

Related Object

List contains all the Threat Data object types defined in CTIX.

Has Relations

Select Yes or No to filter the objects that have relations with other threat data objects.

Rules

Select from the list of rules defined in the platform to filter the results.

Revoke Status

Select Yes or No to search for IOCs marked as revoked in the platform.

Relation Created Date

Select a start and end date and time to search for relationships created within that range.

Relation Modified Date

Select a start and end date and time to search for relationships modified within that range.

Has Sighting

Select Yes or No to filter objects based on the presence of related sightings.

Sighting Located

Select Yes or No to retrieve the Location and Identity objects associated with the sighting objects.

Sighting Observed

Select Yes or No to retrieve the Observed Data objects associated with the sighting objects.

Sighting First Seen

Select a date range to filter objects based on the first seen timestamp of the related sighting object.

Sighting Last Seen

Select a date range to filter objects based on the last seen timestamp of the related sighting object.

Sighting Source Created

Select a date range to filter objects based on the source-created timestamp of the related sighting object.

Sighting Source Modified

Select a date range to filter objects based on the source-modified timestamp of the related sighting object.

Note

If you are a read-only user, your permissions across the platform are limited. As a result, you may not have access to certain Threat Data filters, depending on your assigned permission set. For example, if you do not have permission for Administrator > Integration Management > Feed Sources, you won't be able to view filters such as Source, Source Type, Source Collections, and more.

*For more information about dates in the platform, see General FAQs.