Search query fields

You can search for entities and observables based on specific fields in their data structure.
Elasticsearch maps and indexes these fields.

Kibana offers a GUI to look up this information, and to display a list of all available Elasticsearch index fields.
To access Kibana:

  1. In the web browser address bar, append /private/kibana/app/kibana# to the platform base URL.
    Example: https://${platform_host}/private/kibana/app/kibana#

  2. In the side navigation bar, click Management.
    The default tab view is Index Patterns.

  3. In the Index Patterns tab, on the index list under Create index pattern, click stix.
    The resulting view lists every field in the stix index along with the corresponding field type, as registered in Elasticsearch.

  4. To search for specific index fields, in the Filter input field start typing the JSON path defining the field you are looking for.

If the index pattern list is empty, no index patterns have been defined in Kibana yet.
You can proceed to define index patterns as necessary.

After looking up an index field, you can search for specific values or data patterns:

  1. In the side navigation bar, click Discover.

  2. Click the index drop-down, and select stix.

  3. In the search input field, you can run queries on index fields by specifying literals, wildcards, ranges, and Boolean operators using the Lucene query syntax.
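The two procedures above (listing the fields of the stix index, then querying them with Lucene syntax) can also be done against the Elasticsearch REST API that backs Kibana. The following is an added example, not code from the platform or from this page: it assumes Elasticsearch is reachable at ES_URL (the page only exposes Kibana under /private/kibana), the index name stix comes from the page, and the sample mapping and field paths (data.type, data.title, data.confidence.value, meta.estimated_threat_start_time) are constructed for illustration. flatten_fields produces the same path-to-type list that Kibana shows under Management > Index Patterns > stix; query_string_body wraps a Lucene query string the way Discover submits it.

```python
"""List stix index fields and run Lucene query_string searches via Elasticsearch.

Added example. ES_URL, the sample mapping and the field names are assumptions
or constructed data; only the index name "stix" comes from the page.
"""
import json
import urllib.request

ES_URL = "http://localhost:9200"  # assumption: Elasticsearch reachable here
INDEX = "stix"                    # index name from the page

# Constructed sample of a trimmed GET /stix/_mapping response (field names assumed).
SAMPLE_MAPPING = {
    "stix": {
        "mappings": {
            "properties": {
                "id": {"type": "keyword"},
                "data": {
                    "properties": {
                        "type": {"type": "keyword"},
                        "title": {"type": "text"},
                        "confidence": {"properties": {"value": {"type": "keyword"}}},
                    }
                },
                "meta": {"properties": {"estimated_threat_start_time": {"type": "date"}}},
            }
        }
    }
}


def flatten_fields(mapping, index=INDEX):
    """Return {json_path: es_type} for every leaf field in the index mapping.

    This is the list Kibana displays for the index pattern: nested "properties"
    objects are walked recursively and joined with dots into a JSON path.
    """
    out = {}

    def walk(props, prefix):
        for name, spec in props.items():
            path = f"{prefix}.{name}" if prefix else name
            if "properties" in spec:  # object field: descend into its children
                walk(spec["properties"], path)
            else:
                out[path] = spec.get("type", "object")

    walk(mapping[index]["mappings"]["properties"], "")
    return out


def find_fields(fields, fragment):
    """Equivalent of typing into the Filter box: paths that contain the fragment."""
    return sorted(path for path in fields if fragment in path)


def query_string_body(lucene, size=10):
    """Build the _search request body Discover sends for a Lucene query string.

    No default_operator is set, so clauses are OR-ed unless joined with AND,
    matching Kibana's default behaviour.
    """
    return {"size": size, "query": {"query_string": {"query": lucene}}}


def es_request(method, path, body=None):
    """Send a JSON request to Elasticsearch (network access; used only from main)."""
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        f"{ES_URL}/{path}", data=data, method=method,
        headers={"Content-Type": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


# Lucene query strings against the assumed field paths, one per syntax feature.
EXAMPLE_QUERIES = [
    "data.type:indicator",                                          # literal
    "data.title:phish*",                                            # wildcard
    "meta.estimated_threat_start_time:[2024-01-01 TO 2024-12-31]",  # range
    "data.type:indicator AND NOT data.confidence.value:Low",        # Boolean
]

if __name__ == "__main__":
    # Offline walkthrough on the constructed mapping.
    fields = flatten_fields(SAMPLE_MAPPING)
    for path in find_fields(fields, "data."):
        print(f"{path}: {fields[path]}")
    for q in EXAMPLE_QUERIES:
        print(json.dumps(query_string_body(q)))
    # Live use (requires Elasticsearch at ES_URL):
    # fields = flatten_fields(es_request("GET", f"{INDEX}/_mapping"))
    # hits = es_request("POST", f"{INDEX}/_search", query_string_body(EXAMPLE_QUERIES[0]))
```

Run the script as-is to see the flattened field list and the four request bodies; uncomment the last two lines to query a live cluster. Because query_string parses user-supplied syntax, keep such queries to trusted operators or use a restricted index role, just as the Kibana Discover page is behind the platform's private path.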