About the Filter Panel
These filters are designed to fine-tune your threat data using specific artifacts.
You can select the following filters:
Date range: Select the initial date range when intel was ingested.
Modified Date Range: Select any additional instances of intel ingestion.
Sources: Select specific sources that your threat data is coming from.
Blocked Status: Select whether the threat has been blocked.
Risk Severity: Select what the severity of the risk is.
Criticality: Select how critical the data is for the success of the business.
Confidence: Select how relevant a threat is based on a set of customizable parameters.
TLP: Select the traffic light protocol which is a set of designations used to ensure that sensitive information is shared with the appropriate audience.
Tags: Select specific metadata you want to apply to your canvas (e.g., a specific actor).
SDO Type: Select a STIX Domain Object (SDO) to describe the characteristics of an incident.
Following Status: Select whether you follow a source or not.
Intel Grading: Select how reliable the intel is.
Source Grading: Select how reliable an intelligence source is.
Manual Review: Select whether you want to audit data manually to lessen false positives.
Reviewed: Select whether the data has been reviewed or not.
Deprecated: Select if this is out of date.
Subscriber(s): Select which subscribers can review this information.
False Positive: Select whether to review for false positives.
Allowed or Blocked Status: Select a node that’s been allowed or blocked.
If you’re only interested in certain domain objects or have too much information on your canvas, you can use the node analysis feature to better analyze complex threat data. Node analysis allows you to filter the canvas data and focus on relationships between relevant threats. Filters can be created date, modified date, threat data sources, blocked status, severity, criticality, etc. To filter your data, do the following: