Use the context filters#

Besides quick filters, you can also access contextual drop-down filter menus.

The drop-down filter menus are available on selected Intelligence Center views, and on most detail panes for entities, observables, datasets, and feeds.

Filtering options for these menus may vary, depending on where in the Intelligence Center they are available.

Classification#

Filters objects on the current view by maliciousness classification.

Select one or more checkboxes to include in the resulting filtered view observable rules that apply an action to flag matching observables as malicious, safe, or unknown.

The filter is available in the following Intelligence Center area:

  • Rules > Observable

Date#

Filters objects on the current view by date.

Select a start and an end date to include in the resulting filtered view observables created within the specified time range.

The filter is available in the following Intelligence Center areas:

  • Entity detail pane > Observables tab

  • Observable detail pane > Observables tab

  • Incoming feed detail pane > Content tab

Entity types#

Filters objects on the current view by entity type.

Select one or more checkboxes to include in the resulting filtered view the specified incoming feed entity types.

The filter is available in the following Intelligence Center area:

  • Incoming feed detail pane > Content tab

Kind#

Filters objects on the current view by observable data type.

Select one or more checkboxes to include in the resulting filtered view observables whose data types match the specified values.

The filter is available in the following Intelligence Center areas:

  • Entity detail pane > Observables tab

  • Observable detail pane > Observables tab

Maliciousness#

Filters objects on the current view by maliciousness classification.

Select one or more checkboxes to include in the resulting filtered view observables flagged as malicious, safe, or unknown.

The filter is available in the following Intelligence Center areas:

  • Entity detail pane > Observables tab

  • Observable detail pane > Observables tab

My tasks#

Filters objects on the current view by task user role.

Select one or more checkboxes to include in the resulting filtered view tasks the current user created, or tasks the current user is assigned to.

The filter is available in the following Intelligence Center area:

  • Workspaces > ${workspace_name} > Tasks

Origin#

Filters objects on the current view by observable data source.

Select one or more checkboxes to include in the resulting filtered view observables whose data sources match the specified values.

EclecticIQ Intelligence Center creates observables as a result of the ingestion process, after running an enricher, or when a user manually adds an observable to an entity.

The filter is available in the following Intelligence Center area:

  • Entity detail pane > Observables tab

Show#

Filters objects on the current view by the specified properties or attributes.

Select one or more checkboxes to include in the resulting filtered view items whose properties or attributes match the filter selection.
The filter is available in the following Intelligence Center areas:

  • Workspaces, where the available filtering options are Case, Generic, Team, and Topic.

  • Rules > Entity, where the available filtering options are Disabled and Enabled.

  • Rules > Observable, where the available filtering options are Disabled and Enabled.

Source#

Works like the Source quick filter.
The filter is available in the following Intelligence Center areas:

  • Rules > Entity

  • Rules > Observable

Status#

Filters objects on the current view by task status.

Select one or more checkboxes to include in the resulting filtered view tasks whose workflow status matches the specified values.

The filter is available in the following Intelligence Center area:

  • Workspaces > ${workspace_name} > Tasks