Filter entities with histogram
You can filter entities and observables in a Graph using the histogram filter. This allows you to to isolate specific subsets, based on shared properties and attributes.
When you analyze entities and observables on the graph canvas to explore relationships and to, almost literally, join the dots you may want to apply quick filters to the elements on the graph without having to move them around or temporarily remove them.
At the top right corner of a graph, select the filter icon to open the histogram pane.
You can select one or more options by clicking the corresponding checkbox:
Select a checkbox to display nodes with the corresponding property or attribute.
Deselect a checkbox to hide nodes with the corresponding property or attribute.
By default, all checkboxes are selected and all the nodes and the relationships loaded on the graph are visible.
The histogram pane makes available many ready-to-use filters. You can stack and combine filters as you need. See the table below for their specific functionalities.
Category |
Checkbox |
Definition |
|
Show singletons |
Click the toggle switch to show or hide singleton nodes. |
|
Show external references |
Click the toggle switch to show or hide external references. |
Entity type |
Multi-type-group |
Select this checkbox to view grouped entities containing mixed entity types. Select one or more options in this category to view specific entity types. |
Observable type |
|
Select one or more options in this category to view specific observable types. |
Sources |
Missing source |
Select this checkbox to view entities and observables that are not associated with any data source. Select one or more options in this category to view entities and observables ingested from specific data sources, that is, incoming feeds and enrichers. |
TLP |
Missing TLP |
Select this checkbox to view entities with no TLP flag. Select one or more options in this category to view entities flagged with the specified TLP color codes. For example, you can use this filter to include in the resulting graph view only entities flagged as reserved, or that require immediate action. |
Source reliability |
Missing source reliability |
Select this checkbox to view entities and observables that are not associated with any data source. Select one or more options in this category to view entities and observables flagged with the specified source reliability value. |
Confidence |
Missing confidence |
Select this checkbox to view entities whose confidence level is not set. Select one or more options in this category to view entities and observables flagged with the specified level of confidence; it flags the estimated level of confidence to assess the accuracy and trustworthiness of the entity information. |
Observable classification |
Missing observable classification |
Select this checkbox to view entities and observables whose maliciousness confidence level is not set. Select one or more options in this category to view observables flagged with the specified level of maliciousness. |
|
Bad |
Select this checkbox to view observables whose maliciousness confidence level is set to Malicious - High confidence, Malicious - Medium confidence, or Malicious - Low confidence. Select one or more options in this category to view observables flagged with the specified level of maliciousness. |
|
Good |
Select this checkbox to view observables marked as Safe. Select one or more options in this category to view observables flagged with the specified level of maliciousness. |
Tags |
Without tags |
Select this checkbox to view untagged entities. Select one or more options in this category to view entities flagged with the specified tags. |