
Cyware Threat Intelligence eXchange

Search Filters

Use the following filters to search and locate specific threat data elements:

Filter

Definition

Object Type

Choose from Indicator, Malware, Attack Pattern, Threat Actor, Campaign, Course of Action, Vulnerability, Identity, Infrastructure, Intrusion Set, Location, Malware Analysis, Observed Data, Opinion, Tool, Report, Custom Object, and Observable to filter by the required threat data type.

IOC Type

Choose from the list of indicators to further narrow down the search. This filter is available for the Indicator object type.

Source

Choose from the sources configured in CTIX to filter the threat data objects. CTIX shows the type of source with the source name to provide better visibility. For example, Bambenek (APIs), Kaspersky (Enrichment), and more.

Source Type

Choose from the types of feed sources that you can configure in CTIX, such as STIX, APIs, RSS, and so on.

Source Collections

Choose from all collections that are part of a feed source.

Source Confidence

Choose High, Medium, Low, or None to filter by the confidence that a feed source reported for this intel.

Source Created Date*

Choose a date when the intel was created by a source.

Source Modified Date*

Choose a date when the intel was modified by a source.

Subscriber

Choose from the list of subscribers configured in CTIX.

Subscriber Collections

Choose from the list of all subscriber collections defined in CTIX.

Published Collections

Choose from the list of all published collections defined in CTIX.

Source Type

Choose from the list of sources, such as STIX, RSS, API, Email, Web Scraper, and Twitter.

Published Date*

Choose a date when the intel was published.

System Created Date*

Choose a date when the intel was created in CTIX.

System Modified Date*

Choose a date when the intel was modified in CTIX.

TLP

Choose from the list of TLP values: Red, Amber, Green, and Yellow.

Valid From*

Choose a date from which the intel is valid.

Valid Until*

Choose a date until which the intel is valid.

Tags

Choose the tags applied to the threat data elements. On the Threat Data listing page, a maximum of 50 tags are displayed. To view the list of all applicable tags, check the details page of the threat data object.

Analyst Score

The analyst score represents a score set by an analyst. Choose a range between 0 and 100 to filter objects by the analyst score.

Analyst CVSS Score

The CVSS score is a scoring standard for vulnerabilities and can help in prioritizing their remediation. Set a minimum and maximum range between 1 and 10 to filter vulnerability objects. The score can be set with up to two decimal places.

First Seen*

Select a date that represents when the intel was first seen.

Last Seen*

Select a date that represents when the intel was last seen.

Manual Review

Choose Yes or No. Based on your selection, the search window shows the threat data that has or has not been manually reviewed by an analyst.

Indicators Allowed Status

List contains the status of allowed or blocked indicators.

Action Medium

Select Manual or Rule to filter the objects that have any actions performed on them either manually or using a rule.

Actioned By

Select the analyst who has performed any actions on the threat data.

Actioned On*

Select the date range within which any actions were performed on the threat data.

Actioned Type

Select if the actions performed on the Threat Data are done manually or automated through Rules.

Actioned App Type

Select if the actions on the Threat Data are performed in CTIX or by any other third-party application.

Actioned App

List includes all the configured third-party applications in CTIX.

Relation Type

List contains the relationships that can exist between Threat data elements as defined in STIX.

Related Object

List contains all the Threat Data object types defined in CTIX.

Has Relations

Select Yes or No to filter the objects that have relations with other threat data objects.

Rules

Select from the list of rules defined in the platform to filter the results.

Revoke Status

Select Yes or No to search for IOCs marked as revoked in the platform.

Relation Created Date*

Select a start and end date and time range to search for relationships created between the set range.

Relation Modified Date*

Select a start and end date and time range to search for relationships modified between the set range.

Note

If you are a read-only user, your permissions across the platform are limited. As a result, you may not have access to certain Threat Data filters based on your assigned permission set. For example, if you do not have permission for Administrator > Integration Management > Feed Sources, you won't be able to view filters like Source, Source Type, Source Collections, and more.

*For more information about dates in the platform, see General FAQs.